Buffer-Overflow attack: Off-by-One Overflows - Part 2

What we cover here is based on a note from Alan, who pointed out that a better attack method is the Sniper attack type of Burp Suite Intruder, which is closer to a real-life scenario. Here we will walk through the process:


Perform an Intruder attack to retrieve the hotel client list with room information.

Use the off-by-one overflow vulnerability to perform an overflow attack and collect client information.

Step-by-step guide

1. Start the Burp Suite Proxy with Intercept on, then fill in the form with first/last name and room number and click Submit to continue.

2. Right-click the intercepted request and send it to Intruder.

3. Now let's craft the attack: first mark the room number as the payload position, set the attack type to Sniper, and set the payload location.

4. Since we don't know the maximum character size that is set, we will use payload lengths from 512 to 10240, stepping by 50.

5. Then click Start attack. In the results table, request 4112 shows a raw response containing all of the user information together with room info.
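To show why a length sweep like this exposes an off-by-one, here is an added C example that is not part of this writeup: a constructed room-number buffer with a canary byte placed after it, the off-by-one length check beside its hardened form, and a sweep that reports the first accepted length that clobbers the canary. The buffer size (64), the canary value and all function names are assumptions.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define FIELD_SIZE 64      /* assumed size of the room-number buffer (constructed) */
#define CANARY     0xAA    /* marker byte placed directly after the buffer */

struct field {
    char buf[FIELD_SIZE];
    unsigned char canary;  /* catches a write one byte past buf */
};

/* Off-by-one bound: lets len == FIELD_SIZE through, yet the copy below
   writes len + 1 bytes (data plus NUL), so the NUL lands past the end. */
int check_vulnerable(size_t len) { return len <= FIELD_SIZE; }

/* Hardened bound: reserves the last byte of buf for the terminator. */
int check_hardened(size_t len) { return len < FIELD_SIZE; }

/* Copy a submitted field into f->buf after the chosen length check.
   Returns 1 if accepted, 0 if rejected. The terminator is written through
   the struct's own bytes so the one-past write hits the canary
   deterministically rather than being undefined behaviour. */
int copy_field(struct field *f, const char *src, size_t len, int (*check)(size_t)) {
    memset(f->buf, 0, sizeof f->buf);
    f->canary = CANARY;
    if (!check(len)) return 0;
    memcpy(f->buf, src, len);
    ((unsigned char *)f)[offsetof(struct field, buf) + len] = '\0';
    return 1;
}

/* Sweep input lengths from lo to hi (like the Intruder run above) and return
   the first length that is accepted AND clobbers the canary, or 0 if none. */
size_t first_overrun_length(int (*check)(size_t), size_t lo, size_t hi, size_t step) {
    char payload[FIELD_SIZE + 1];   /* constructed input, all 'A' */
    struct field f;
    memset(payload, 'A', sizeof payload);
    for (size_t len = lo; len <= hi && len <= sizeof payload; len += step)
        if (copy_field(&f, payload, len, check) && f.canary != CANARY) return len;
    return 0;
}

int main(void) {
    printf("vulnerable: overrun at len=%zu\n", first_overrun_length(check_vulnerable, 1, FIELD_SIZE, 1));
    printf("hardened:   overrun at len=%zu\n", first_overrun_length(check_hardened, 1, FIELD_SIZE, 1));
    printf("vulnerable, step 50: len=%zu\n", first_overrun_length(check_vulnerable, 1, FIELD_SIZE, 50));
    return 0;
}
```

Because an off-by-one triggers at exactly one boundary length, the coarse 50-step sweep in the third call skips it entirely; a step of 1 around suspected buffer sizes is the reliable check, and `check_hardened` is the fix on the application side.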

