This is a tutorial I found which shows how to discover and test an exploit in Windows 7. The tutorial involves using a debugger to test an application that has been sent a buffer overflow and identify the spot in memory to place the shellcode. The tutorial doesn’t get too much into assembly and offers a pretty clear description when needed. There is also a tutorial to exploit Windows applications that have DEP using ROP (a topic that was touched on in Metasploit Unleashed in “Exploit Payloads-MSFrop”).
https://samsclass.info/127/proj/vuln-server.htm
https://samsclass.info/127/proj/rop.htm
Jason A Lindsley says
Interesting Bilaal – did you give this a try? I’d be a little concerned with downloading a program that makes your image vulnerable, but I guess that’s similar to installing Metasploitable.
Loi Van Tran says
Thanks Bilaal,
I’m pretty sure this would come in handy when we try to the Operating Security class’ Windows 7 virtual machines. I will be sure to give it a try on my Windows 7 that is all patched with really no programs on it.
Mauchel Barthelemy says
Interesting piece of discovery. I will give this a try on a virtual Windows 7 machine in my testing environment. But first, for how long have these exploits been around? Aren’t these vulnerabilities Microsoft should have already addressed by now?