Buffer Overflow winamp crash

First, make a fuzzer that sends garbage data.
Here I make the data from a single character repeated 30,000 times.


Then run the Python file you created with the command
root@bt:/var/www/uye# python ijoagomo.py. I saved this file in the directory /var/www with the file name ijoagomo.py.
After running the Python file, switch to the Windows VM in VirtualBox and download the file the Python script generated as whatsnew.txt.
Before downloading the file, start Apache in BackTrack first.
 
Once downloaded, save the file, move it into Program Files and copy it into the Winamp folder.
After the whatsnew.txt file is copied, run the Winamp application under OllyDbg, then select the Help menu, select About and see what happens in the registers: EIP and ESP will be overwritten with the character "aaaaaaaa".
After it opens in OllyDbg, click the play symbol to run the Winamp application.
 

Click Help and select About in Winamp.
 

Alhamdulillah, it is successful: EIP and ESP are overwritten.

I will continue the rest later. So thank you. Regards, uyee

Buffer Overflow easy RM to MP3 converter

This time I will post about a buffer overflow that occurs in the application Easy RM to MP3 Converter.
First, create a fuzzer file.
  

Save it, then download the file generated by the fuzzer from the Windows virtual machine:
start Apache, and open the browser in Windows XP.




After the file is downloaded, load the galaudewa.ram file into the RM-MP3 converter, but do it through OllyDbg.

 

See what happens in the registers in OllyDbg.
After that, run the command "pattern_create.rb 27000 > string_create.txt", open the file "string_create.txt" and copy it to the console.
Load it again in RM-MP3 with OllyDbg, and it will show as below.
After that, give the ESP and EIP values to pattern_offset, so that we know how many bytes are needed to reach the stack.
  


Save and load the "galaudewa.ram" file again, and it will show as below; see that the value of EIP changes to DEADBEEF.


After that I try writing at ESP; add the command as shown below.
The result is seen below.
Then I search for JMP ESP with OllyDbg, as shown below.
A window like the one below will appear, and I choose shell32.dll.
Right-click and choose "Search for Command".
That gives the JMP ESP address.



Then modify the script again,
and load the file again; it will change as shown below.
Next, find the payload using Metasploit; in this session I used a Windows bind shell, with the settings as needed.
Copy the payload into the script made earlier.
Load the galaudewa.ram file into RM-MP3 again, this time without OllyDbg.
The application appears to crash; finally run "telnet <ip_target> <port>".
Alhamdulillah, it finally succeeded thanks to hard work. Regards, uye

Fuzzing on a non-SEH application

Alhamdulillah, after a night of racking my brain, I could finally write this post.

In this post I will use the application War FTPD.
First, create a fuzzer file as shown below:
Here I tried running the application on Windows XP in VirtualBox.
Then run War FTPD in Windows XP: open it and start the application service.
To test the network path to Windows XP, try typing nc <windows ip> <war ftpd port>:
nc 192.168.56.101 21
When prompted to enter a username, ignore it; this is only to make sure that BackTrack is connected to the XP machine.
Then run the fuzzer file we created earlier, named fuzzer.py, written in Python.
After it succeeds, see what happens in the War FTPD application: if the application exits, the fuzzer file worked well and succeeded.
Open the application again, and it will show an error.
   
Here War FTPD is damaged by the fuzzer sending 1000 bytes of data through the USER command.
To open the application again, delete the file Ftp DAEMON.DAT.
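From the defender's side, the input that breaks War FTPD above has a very recognisable shape: a single FTP command whose argument is far longer than any real username and made of one repeated byte. The following added example (my own code, not part of this tutorial or of War FTPD) scans FTP control-channel command lines for exactly that shape. The log format, the 256-byte argument limit and the 64-byte run length are assumptions; the sample session is constructed.

```python
# Added example: flag FTP command lines that look like the crash trigger
# described above (1000 bytes through USER). Thresholds are assumptions.
import re

# One FTP command per line: a 3-4 letter verb, optional argument.
CMD_RE = re.compile(r"^(?P<verb>[A-Za-z]{3,4})(?:\s+(?P<arg>.*))?$")

def longest_run(text):
    """Length of the longest run of one repeated character in text."""
    best = cur = 0
    prev = None
    for ch in text:
        cur = cur + 1 if ch == prev else 1
        prev = ch
        best = max(best, cur)
    return best

def analyse_command(line, max_arg_len=256, min_run=64):
    """Return the reasons (possibly none) a command line looks like fuzzing."""
    m = CMD_RE.match(line.rstrip("\r\n"))
    if not m:
        return ["unparseable command"]
    verb, arg = m.group("verb").upper(), m.group("arg") or ""
    reasons = []
    if len(arg) > max_arg_len:
        reasons.append(f"{verb} argument is {len(arg)} bytes (limit {max_arg_len})")
    run = longest_run(arg)
    if run >= min_run:
        reasons.append(f"{verb} argument contains a run of {run} identical bytes")
    return reasons

def scan_session(lines, **limits):
    """Scan a whole session; return (line index, verb, reasons) for each hit."""
    alerts = []
    for idx, line in enumerate(lines):
        reasons = analyse_command(line, **limits)
        if reasons:
            verb = line.split(None, 1)[0].upper() if line.strip() else "?"
            alerts.append((idx, verb, reasons))
    return alerts

# Constructed sample session: three normal commands, then the fuzzer input.
SAMPLE_SESSION = [
    "USER alice",
    "PASS s3cret",
    "CWD /pub",
    "USER " + "a" * 1000,
    "QUIT",
]

if __name__ == "__main__":
    for idx, verb, reasons in scan_session(SAMPLE_SESSION):
        print(f"line {idx}: {verb}: " + "; ".join(reasons))
```

Both checks fire on the sample because the 1000-byte argument is over the limit and is one long run of "a"; a long but varied argument (such as the pattern_create output used later in this post) still trips the length check alone, which is why the length limit is the one to keep strict on a server that should never see usernames of that size.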

And create a new user.
After creating a new user, run the application through the debugger OllyDbg.
Run the fuzzer file again, then see what has changed in the debugger:
the register values in OllyDbg and War FTPD will turn into aaaaaa.
Now find the actual location of the string, using pattern_create.rb from the framework.
 



Here I change the contents of the fuzzer file created before and replace it with the mix of numbers and letters that we generated earlier using pattern_create.
Run the edited fuzzer file again and see what happens in OllyDbg and War FTPD.

The second tool, pattern_offset, uses the pattern to determine the byte offset from the beginning of the pattern to the string contained in the register.
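Both the RM-MP3 section (pattern_create.rb 27000 and pattern_offset) and this War FTPD section rely on the same two helpers, so here is one added example that implements them in plain Python. This is my own code, not Metasploit's and not the post's; the function names are mine, and the pattern scheme is the well-known uppercase/lowercase/digit triple sequence (Aa0Aa1Aa2...). The one thing the post leaves implicit is that a 32-bit register value as OllyDbg shows it must be byte-reversed before searching, because x86 is little-endian, and that a pattern longer than 20280 bytes repeats, so a 27000-byte pattern can yield two candidate offsets; the DEADBEEF check the post performs is what settles which one is right.

```python
# Added example: pure-Python equivalents of pattern_create / pattern_offset
# (names and code are mine; only the triple-based pattern scheme is standard).
import string

UPPER, LOWER, DIGIT = string.ascii_uppercase, string.ascii_lowercase, string.digits
PERIOD = len(UPPER) * len(LOWER) * len(DIGIT) * 3   # 20280 bytes, then it repeats

def pattern_create(length):
    """Return `length` characters of the cyclic pattern Aa0Aa1Aa2...Zz9Aa0..."""
    chunks, total = [], 0
    while total < length:
        for u in UPPER:
            for lo in LOWER:
                for d in DIGIT:
                    chunks.append(u + lo + d)
                    total += 3
                    if total >= length:
                        return "".join(chunks)[:length]
    return "".join(chunks)[:length]

def register_to_chars(value):
    """Convert a register value as a debugger shows it ('41336141' or
    '0x41336141') into the 4 characters that sit in memory. x86 stores the
    dword little-endian, so the bytes are reversed. A plain 4-character
    string such as 'Aa3A' is returned unchanged."""
    value = value.strip()
    if value.lower().startswith("0x"):
        value = value[2:]
    if len(value) == 8 and all(c in string.hexdigits for c in value):
        return bytes.fromhex(value)[::-1].decode("ascii", errors="replace")
    return value

def pattern_offset(pattern, value):
    """Return every offset in `pattern` where the register contents occur.
    More than one result means the pattern was longer than PERIOD and
    wrapped, so the candidates must be confirmed (the DEADBEEF step)."""
    needle = register_to_chars(value)
    offsets, start = [], pattern.find(needle)
    while start != -1:
        offsets.append(start)
        start = pattern.find(needle, start + 1)
    return offsets

if __name__ == "__main__":
    pat = pattern_create(27000)              # same length the post uses
    # Constructed register value: the dword 0x41336141 is "Aa3A" in memory.
    print("EIP=41336141 ->", pattern_offset(pat, "41336141"))   # [9, 20289]
```

The uniqueness property that makes the trick work is that every 4-byte window within one 20280-byte period is distinct; the test below checks that directly, which is also the reason the 27000-byte pattern from the RM-MP3 section gives two hits rather than one.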

From here on, just follow the screenshots below:
using msfweb, and editing the fuzzer file.


Done.
Sorry if this tutorial is messy and short on explanation; I was rushing because of college time. Please leave a comment here, and hopefully it is useful. Regards, uuyeeee