SEH and SafeSEH - EXPLOIT File Sharing Wizard

open your  Applications File Sharing Wizard
after the start and then open the application and select Ollydbg then attack file sharing wizard
 after the fuzzing then in Ollydbg will change as shown below
then we look into the SEH can click view menu and then select the SEH chain, the results as shown below
then we proceed from the SEH chain data into memory by pressing the shift key + F9 then the value of EIP will be changed to 41414141 the results as shown below
 Within this we will determine the modules to be usedand we can select the
menu view -excuttable modules after that will come out look like below and then we will use LYBEAY32.dll
then we find the location of the command POPPOP RETN in the module and we can clickview menu - Excutable module and double click right on file LYBEAY32.dll.setelah we right click - search for - squence of command
 then you will see a dialog box and fill in as shown below
then Ollydbg will lead to memory addresses in the file LYBEAY32.dll and Ollydbg also beenfound on the memory address LYBEAY32.dll
namely the affset 77FE2346

after we make sure that we can use fileLYBEAY32.dll springboard in the nectx we look at the byte address of SEH teroverwrite to how in bufreer as shown in the picture below
copy the pattern into the fuzzer
and after that open OllyDbg and BigAnt applicationthen do the same again as beforefuzzerafter that click open the SEH chain and can press Shift + F9

as then start EIP value that we can be like the picture below


















Still have not managed to be continued





0 comments:

Post a Comment