bofgen.pl - a buffer overflow exploit generation program

bofgen.pl is a simple buffer overflow exploit generation program I worked on for a little bit, just to make some things easier. It allows you to enter simple information and will create an advanced exploit for you, portable to many different architectures and operating systems. Check it out.

bofgen.pl

getenvs.pl - This program finds environment variables in binary programs when you don't have source available to you (or you want to find them quickly). This is especially good for finding buffer overflows in programs easily.

testenvs.pl - This will take a binary program, find all of the environment variables, and fill them up with data to attempt to overflow it. It works well together with `find / -perm -4000`. It will easily help you find some programs that are exploitable through ENV variables, and it will also attempt to exploit the program with a basic argument buffer overflow.
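For the review side of what getenvs.pl is described as doing, here is an added example (not the original getenvs.pl, whose method this page does not show) that lists the environment lookups and candidate variable names embedded in a binary, so the inputs a setuid program takes from its environment can be inventoried. The function names, the upper-case naming heuristic and the sample bytes are assumptions of this example.

```python
import os
import re
import stat
import sys

# NUL-terminated runs of printable ASCII, as the `strings` utility reports them.
CSTRING = re.compile(rb"([\x20-\x7e]{3,})\x00")
# Assumption of this example: environment variable names look like
# upper-case identifiers (HOME, TERMCAP, LD_LIBRARY_PATH).
ENV_NAME = re.compile(rb"[A-Z_][A-Z0-9_]{2,}")
# libc lookups whose presence indicates the program reads its environment.
LOOKUPS = (b"getenv", b"secure_getenv")


def embedded_strings(blob: bytes) -> set[bytes]:
    """All NUL-terminated printable strings found in the image."""
    return {m.group(1) for m in CSTRING.finditer(blob)}


def env_lookups(blob: bytes) -> list[str]:
    """Lookup symbols present in the image (e.g. in its dynamic string table)."""
    found = embedded_strings(blob)
    return [s.decode() for s in LOOKUPS if s in found]


def candidate_env_names(blob: bytes) -> list[str]:
    """Strings shaped like environment variable names, sorted."""
    return sorted(s.decode() for s in embedded_strings(blob) if ENV_NAME.fullmatch(s))


def audit(path: str) -> dict:
    """Summarise one binary: setuid bit, environment lookups, candidate names."""
    with open(path, "rb") as fh:
        blob = fh.read()
    return {
        "setuid": bool(os.stat(path).st_mode & stat.S_ISUID),
        "lookups": env_lookups(blob),
        "names": candidate_env_names(blob),
    }


# Constructed sample image fragment (not taken from any real program).
SAMPLE = (b"\x7fELF\x02\x01\x01\x00\x00getenv\x00strcpy\x00\x00"
          b"TERMCAP\x00HOME\x00usage: %s file\x00MY_APP_CONFIG\x00\x01\x02")

if __name__ == "__main__":
    for target in sys.argv[1:]:
        print(target, audit(target))
```

A name in the output is only a candidate: confirming that the program actually reads it, and with what length bounds, still takes a look at the source or disassembly.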

Options are below for bofgen (answering certain questions may intentionally change, add or remove other questions).

Buffer Overflow Exploit Generation program [bofgen.pl]
By CommPort5 [@LucidX.com]

* = required, []'s = default (and required)

name of your exploit [exploit.pl]: 
* path (full path recommended) to exploitable program:
nop [\x90]: 
return address [0xbfffffff]: 
offset [0]: 
* length to overwrite %eip (without the +100):
remove all environment variables before executing program (1 = true, 0 = false) [1]: 
* type of buffer overflow, 1 = arguement, 2 = environment:
1 = aix                 2 = bsdi
3 = dg_ux               4 = freebsd
5 = hp_ux               6 = linux_x86
7 = linux_sparc         8 = openbsd
9 = ppc_linux           10 = ppc_bsd
11 = openserver         12 = solaris_sparc
13 = unixware
* enter the OSs you would like support for (enter numbers, whitespace seperated):
preceding arguements (before buffer overflow, if any): 
insert environment variable (key name, if any - not buffer overflow key):
insert environment data for key:
accept an offset from the user in command line (1 = true, 0 = false) [0]:
require an offset from the user in command line (1 = true, 0 = false) [0]:
accept a return address from the user in command line (1 = true, 0 = false) [0]:
require a return address from the user in command line (1 = true, 0 = false) [0]:
enter key to use to store buffer:

Exploit saved in exploit.pl

- made by bofgen.pl - http://bofgen.LucidX.com - CommPort5@LucidX.com -