Buffer Overflow in Easy RM to MP3 Converter

This time I will post a buffer overflow that occurs in the application Easy RM to MP3 Converter.
First, create a file fuzzer.

Save it and fetch the file the fuzzer generates from Windows in the virtual machine: start Apache and open the address in the browser on Windows XP.




After the file has downloaded, load galaudewa.ram into RM to MP3 Converter, but do it through OllyDbg.

See what happens in the registers in OllyDbg.
After that, run "pattern_create.rb 27000 > string_create.txt", open string_create.txt and copy its contents into the console.
Load the file again in RM to MP3 under OllyDbg, and it will look like this.
After that, give the ESP and EIP values to pattern_offset, so we know how many bytes are needed to reach the stack.
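The pattern_create / pattern_offset step above is the part of the process worth seeing in code. The Python below is an added example, not the author's script and not Metasploit's own code: `pattern_create` builds the same upper/lower/digit cycle that pattern_create.rb emits, `eip_to_chunk` reverses the little-endian bytes of a register value as OllyDbg displays it, and `register_offset` combines the two the way pattern_offset.rb does. The hex register values used as inputs are assumed sample values, not values from the page.

```python
import string
from itertools import cycle, product

# pattern_create.rb walks the triples (upper, lower, digit) in order,
# "Aa0Aa1Aa2...Aa9Ab0Ab1...Zz9", then wraps. Any four consecutive characters
# therefore identify a position uniquely within one 20280-byte cycle.


def pattern_create(length):
    """Return a cyclic pattern of exactly `length` characters."""
    chunks = []
    produced = 0
    for upper, lower, digit in cycle(product(string.ascii_uppercase,
                                             string.ascii_lowercase,
                                             string.digits)):
        if produced >= length:
            break
        chunks.append(upper + lower + digit)
        produced += 3
    return "".join(chunks)[:length]


def eip_to_chunk(eip_hex):
    """Turn a 32-bit register value as shown by the debugger ("41336141" or
    "0x41336141") into the four pattern characters that overwrote it.
    x86 is little-endian, so the bytes are reversed before decoding."""
    digits = eip_hex.lower()
    if digits.startswith("0x"):
        digits = digits[2:]
    if len(digits) != 8:
        raise ValueError("expected an 8-hex-digit 32-bit value")
    return bytes.fromhex(digits)[::-1].decode("ascii")


def pattern_offset(pattern, chunk):
    """Index of the raw characters `chunk` inside `pattern`, or -1."""
    return pattern.find(chunk)


def register_offset(pattern, eip_hex):
    """Offset of the bytes that landed in a register, given its hex value.

    This is what pattern_offset.rb computes when handed a register value:
    the distance from the start of the sent data to the four bytes that
    ended up in EIP (or, for ESP, where the stack pointer lands)."""
    return pattern_offset(pattern, eip_to_chunk(eip_hex))


if __name__ == "__main__":
    pat = pattern_create(27000)          # same length as on the page
    # Sample register value (constructed): 0x356b4234 -> bytes 34 42 6b 35 -> "4Bk5"
    print(eip_to_chunk("0x356b4234"), register_offset(pat, "0x356b4234"))
```

With a 27000-byte pattern, `register_offset(pat, "0x356b4234")` reports 1094, meaning the four characters that reached the register started 1094 bytes into the data; a chunk that is not in the pattern yields -1, which usually means the register holds something other than the sent bytes.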


Save and load the file galaudewa.ram again; it will look like this. Note that the value of EIP has changed to DEADBEEF.


After that I tried writing at ESP, adding a command like the one below.
The result looks like this.
Then I searched for a JMP ESP with OllyDbg, as shown below.
A window like this appears, and I chose shell32.dll.
Right-click and choose "Search for" then "Command".
That gives the JMP ESP address.
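A caveat a practitioner would want on the step above, as an added example that is not the author's code: a JMP ESP address taken from shell32.dll can be hard-coded only because Windows XP maps system modules at fixed addresses. Later Windows versions randomize the base of modules that set IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR) and apply DEP to those that set IMAGE_DLLCHARACTERISTICS_NX_COMPAT, so whether a module's addresses are stable can be read straight from its PE header. The Python below parses those two bits; the sample image it checks is a constructed, headers-only PE32 stub, not a real DLL, and `check_file` is a helper added here for inspecting a file on disk.

```python
import struct

# Bits of IMAGE_OPTIONAL_HEADER.DllCharacteristics (PE/COFF specification).
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # image may be relocated (ASLR)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100      # image is DEP-compatible


def dll_characteristics(image):
    """Read DllCharacteristics from the raw bytes of a PE file."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # The 20-byte COFF file header follows the signature; the optional header follows it.
    opt = e_lfanew + 4 + 20
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):          # PE32 / PE32+
        raise ValueError("unexpected optional header magic %#x" % magic)
    # DllCharacteristics sits at offset 70 of the optional header in both formats.
    return struct.unpack_from("<H", image, opt + 70)[0]


def module_mitigations(image):
    """Report whether the module opts in to ASLR and DEP."""
    flags = dll_characteristics(image)
    return {
        "aslr": bool(flags & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "dep": bool(flags & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
    }


def build_sample_pe(dll_chars):
    """Constructed minimal PE32 image (headers only, no sections) used as
    sample input in this example; it is not a real DLL."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))                 # e_lfanew
    # COFF header: machine i386, 0 sections, 3 zero fields, 96-byte optional header, DLL flags
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, 0x2102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def check_file(path):
    """Helper added here: inspect a PE file on disk."""
    with open(path, "rb") as fh:
        return module_mitigations(fh.read())


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(sys.argv[1], check_file(sys.argv[1]))
    else:
        both = IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT
        for flags in (0x0000, both):
            print(hex(flags), module_mitigations(build_sample_pe(flags)))
```

A module that reports `aslr: False` is one whose addresses survive a reboot, which is exactly the property the hard-coded JMP ESP relies on; on a hardened host the same address is not expected to be valid.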



Then modify the script again,
and load the file again; it will change to look like this.
Now generate the payload using Metasploit; in this session I used a Windows bind shell, configured as needed.
Copy the payload into the script made earlier.
Reload the galaudewa.ram file into RM to MP3 without using OllyDbg.
The application crashes; finally, run "telnet <ip_target> <port>".
Alhamdulillah, it finally succeeded thanks to hard work. Regards, uye
