1
00:00:00,540 --> 00:00:05,430
OK, so now we're going to talk about finding bad characters. When we talk about finding bad characters,

2
00:00:05,430 --> 00:00:10,200
we're talking about this in relation to generating shellcode. When we generate shellcode,

3
00:00:10,200 --> 00:00:14,070
we need to know what characters are good for the shellcode and what characters are bad for the shell-

4
00:00:14,070 --> 00:00:14,980
code.

5
00:00:15,060 --> 00:00:20,580
We can do that by running all the hex characters through our program and seeing if any of them act up.

6
00:00:21,150 --> 00:00:22,060
By default,

7
00:00:22,140 --> 00:00:24,990
the null byte, \x00, acts up.

8
00:00:25,140 --> 00:00:30,330
So we're gonna take a look at what these look like and whether any of these bad characters act up in our

9
00:00:30,330 --> 00:00:31,380
program.

10
00:00:31,500 --> 00:00:38,730
So let's go ahead and actually go out to Internet Explorer or Firefox in Kali, and what we're gonna do

11
00:00:38,730 --> 00:00:41,120
is just google "bad chars".

12
00:00:41,370 --> 00:00:47,640
So what we're going to look for is this first bulbsecurity.com link, and it's already got it put

13
00:00:47,640 --> 00:00:48,660
out for us here.

14
00:00:52,400 --> 00:00:57,220
What we're looking for is just to copy and paste this variable here,

15
00:00:57,230 --> 00:01:03,920
the badchars variable. I'll copy this guy, and then what we're gonna do is we're gonna go ahead and just

16
00:01:03,920 --> 00:01:04,480
get

17
00:01:04,490 --> 00:01:09,860
the last Python script we worked on (for me that was the script from the last video; it could be whatever you named your script),

18
00:01:10,640 --> 00:01:14,360
and if you recall, we had just overwritten the EIP with four B's.

19
00:01:14,360 --> 00:01:16,360
So we're just going to add onto that.

20
00:01:16,400 --> 00:01:23,990
So I'm just going to hit enter twice here and then hit paste. And remember, we talked about the null byte,

21
00:01:23,990 --> 00:01:29,840
this \x00, being bad. I'm going to go ahead and just delete that anyway, so we don't even have to run

22
00:01:29,840 --> 00:01:31,550
it through our program.

23
00:01:31,550 --> 00:01:38,060
So when we're talking about bad characters, what we do here is we run every single character in hex through

24
00:01:38,060 --> 00:01:38,450
it, right?

25
00:01:38,480 --> 00:01:46,280
So we've got 01, 02, 03, 04, 05, 06, 07, 08, 09, 0A, 0B, 0C, etc., all the way to \xff down here.

26
00:01:46,280 --> 00:01:51,290
So some programs have characters, let's just make something up, for example say \x70.

27
00:01:51,290 --> 00:01:57,150
It may be some command that runs in the program that tells it to do something, right?

28
00:01:57,170 --> 00:02:02,510
So we don't want to use \x70 when generating our shellcode, because then the shellcode is going to break

29
00:02:02,540 --> 00:02:04,880
if it uses this \x70.

30
00:02:04,880 --> 00:02:10,160
So what we do is we pass all of these through the program and we see what looks funny.

31
00:02:10,160 --> 00:02:12,080
Basically, it's an eye test.

32
00:02:12,080 --> 00:02:16,020
So what we're gonna do is we're gonna go ahead and save this.

33
00:02:16,050 --> 00:02:17,430
Actually, we need to add one more thing.

34
00:02:17,430 --> 00:02:18,480
I apologize.

35
00:02:18,480 --> 00:02:25,660
We're gonna add the badchars here after the EIP, and then we're gonna save this. And then again, if you're

36
00:02:25,660 --> 00:02:31,210
creating a new file, make sure you change your file mode. Of course, make sure that you have your Immunity Debugger running

37
00:02:31,840 --> 00:02:33,850
and you have vulnserver attached.

38
00:02:35,390 --> 00:02:39,370
So what we're gonna do now is we're gonna fire this off.

39
00:02:39,600 --> 00:02:42,960
It should break the program, no big deal.

40
00:02:42,960 --> 00:02:43,280
Okay.

41
00:02:43,290 --> 00:02:44,040
It comes through.

42
00:02:44,070 --> 00:02:46,910
We see again we've got a bunch of 42s here.

43
00:02:47,130 --> 00:02:53,940
But what we're really interested in is the hex dump, so we can look at that dump this way: we could say,

44
00:02:54,330 --> 00:03:01,010
at the ESP, right click and say "Follow in Dump". OK.

45
00:03:01,020 --> 00:03:03,300
If you look here, let me try to make this bigger.

46
00:03:03,300 --> 00:03:09,310
If you want to make it bigger, you can actually go into the text, or the appearance, I apologize, and you

47
00:03:09,310 --> 00:03:15,770
could set the font to OEM, which I believe is the biggest. OK.

48
00:03:15,910 --> 00:03:20,130
And I'll try to pull this up a little bit so it looks bigger here.

49
00:03:20,150 --> 00:03:27,420
So what we're gonna do then is we're going to look at this hex dump here, and if this is small, I apologize.

50
00:03:28,010 --> 00:03:35,440
So what we're doing is we're saying, OK, I sent \x01, so we're expecting a 01, 02, 03, 04, 05, 06,

51
00:03:35,440 --> 00:03:44,150
07, 08, 09, then we expect 0A, 0B, 0C, 0D, 0E, 0F, 10, 11, 12, 13, 14, etc.

52
00:03:44,870 --> 00:03:46,250
We go through this whole list.

53
00:03:46,250 --> 00:03:46,460
Right?

54
00:03:46,460 --> 00:03:52,310
Remember, the last thing we sent was FF, so we're looking for FF down here. We go through every single thing

55
00:03:52,310 --> 00:03:57,490
and we see if there's anything out of place. Now, heads up, there's nothing out of place here.

56
00:03:57,680 --> 00:04:01,080
Vulnserver was made to be very easy, very straightforward.

57
00:04:01,100 --> 00:04:07,250
So there are no bad characters, but if there were a bad character, it would be out of place, it would not

58
00:04:07,250 --> 00:04:08,390
make sense.

59
00:04:08,390 --> 00:04:13,400
Like, for example, if you're reading through and you see 10, 11, and then 12 was missing, and then it

60
00:04:13,400 --> 00:04:17,520
goes to 13, okay, it's likely that 12 is a bad character.

61
00:04:17,660 --> 00:04:21,650
Now, to make more sense of this, I do have bad characters pulled up.

62
00:04:21,650 --> 00:04:34,330
Let's take a look at this. So I've got this dump here instead, so if we look, we've got 01 02 03 00

63
00:04:34,450 --> 00:04:36,410
06 07 08.

64
00:04:37,230 --> 00:04:37,740
OK.

65
00:04:37,760 --> 00:04:40,370
So right away we're missing 04 and 05.

66
00:04:40,370 --> 00:04:41,060
Right?

67
00:04:41,060 --> 00:04:44,620
So we can identify those as bad characters.

68
00:04:44,680 --> 00:04:46,510
And what about the rest?

69
00:04:46,510 --> 00:04:51,430
So if we keep going through here and we keep looking for these B0s, which is how it's identifying

70
00:04:51,750 --> 00:04:54,010
them, we know that those are bad characters.

71
00:04:54,010 --> 00:04:59,110
Now, I will say that it's not always going to be B0 that shows up; it's just going to be something that's

72
00:04:59,110 --> 00:05:00,150
out of place.

73
00:05:00,280 --> 00:05:05,050
And this is definitely an eye test that you're going to have to run through when you do buffer overflows,

74
00:05:05,050 --> 00:05:10,120
and you're gonna have to make sure you find everything. I have in the past missed one bad character, generated

75
00:05:10,120 --> 00:05:15,810
my shellcode, and pulled my hair out for 30 minutes to an hour looking at why it was not working.

76
00:05:15,850 --> 00:05:21,040
So if you want to look at this and practice, go ahead, pause the video, and see if you can identify the

77
00:05:21,040 --> 00:05:26,260
rest of the bad characters here. But if not, I'll identify them for you.

78
00:05:26,350 --> 00:05:27,640
It's these guys.

79
00:05:27,640 --> 00:05:27,990
Right?

80
00:05:28,000 --> 00:05:30,870
So what you would do is you would write all of these down.

81
00:05:31,240 --> 00:05:38,110
You would say, OK, I'm missing 04, I'm missing 05, I'm missing 28 over here, I'm missing

82
00:05:38,110 --> 00:05:42,290
29, missing 44, 45, etc.

83
00:05:42,310 --> 00:05:43,090
Right?

84
00:05:43,120 --> 00:05:48,290
So you want to make sure, you know, you take all of these down, because when we generate shellcode in a couple

85
00:05:48,290 --> 00:05:51,010
of videos, you're gonna have to remember all of these.

86
00:05:51,010 --> 00:05:55,300
But again, lucky for us, the only thing we're gonna have to take out when we generate shellcode is that

87
00:05:55,300 --> 00:05:59,800
null byte, which we took out here, or else we'd see it start with 00.

88
00:05:59,920 --> 00:06:04,670
So we're gonna go on to the next video now, and that's going to be called "Finding the Right Module".

89
00:06:04,780 --> 00:06:07,660
And then after that we'll generate our shellcode and gain root.