Fuzzing a non-SEH application
Alhamdulillah, after a night of racking my brain, I could finally write this post.
In this post I will use the War FTPD application.
First, create a fuzzer file as shown below:
Here I ran the application on Windows XP in VirtualBox.
Then run War FTPD on Windows XP: open it and start the application's service.
To check that it works and that Windows XP is reachable over the network, try typing nc (Windows IP) followed by the port of the War FTPD application:
nc 192.168.56.101 21
Then run the fuzzer file we created earlier, named fuzzer.py, which is written in Python.
Open the application again. The application will show an error.
Here War FTPD was broken by the fuzzer sending 1000 bytes of data through the USER command.
To open the application again, delete the file Ftp DAEMON.DAT.
Run the fuzzer file again, then see what has changed in the debugger.
In OllyDbg, the register values for War FTPD will turn into aaaaaa.
Now find the actual location within the string, using pattern_create.rb from the framework.
Here I change the contents of the fuzzer file created earlier, replacing them with the mix of numbers and letters that we created earlier using pattern_creat
Run the edited fuzzer file again and see what happens in OllyDbg and War FTPD.
The second tool uses the pattern to determine the byte offset from the beginning of the pattern to the string contained in the register.
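The pattern and offset lookup described above, as an added example that is not part of the original post and is not the framework's own code: it rebuilds the Aa0Aa1Aa2... style of pattern and finds where a register value read from the debugger sits in it. The function names and the sample register value (taken from offset 300 of the pattern) are constructed for illustration and are not results from War FTPD.

```python
import itertools
import string

MAX_LEN = 26 * 26 * 10 * 3  # the pattern starts repeating after 20280 characters


def pattern_create(length):
    """Return the first `length` characters of the Aa0Aa1Aa2... pattern."""
    if not 0 < length <= MAX_LEN:
        raise ValueError(f"length must be between 1 and {MAX_LEN}")
    triples = itertools.product(
        string.ascii_uppercase, string.ascii_lowercase, string.digits)
    return "".join("".join(t) for t in triples)[:length]


def pattern_offset(register_value, length):
    """Return every offset at which a 32-bit register value occurs in the pattern.

    register_value is the number as the debugger displays it. x86 is
    little-endian, so the lowest byte of the register is the first
    pattern byte that was read from memory.
    """
    needle = register_value.to_bytes(4, "little")
    haystack = pattern_create(length).encode("ascii")
    hits, start = [], haystack.find(needle)
    while start != -1:
        hits.append(start)
        start = haystack.find(needle, start + 1)
    return hits


if __name__ == "__main__":
    pattern = pattern_create(1000)
    # Constructed sample, not a value from the post: pretend the four
    # pattern bytes at offset 300 are what the debugger shows in the register.
    sample = int.from_bytes(pattern[300:304].encode("ascii"), "little")
    print(hex(sample), pattern_offset(sample, 1000))
    # A register full of one repeated letter is not part of the pattern,
    # which is why the plain fuzzer run cannot give an offset.
    print(pattern_offset(0x41414141, 1000))
```

An empty list means the register did not receive bytes from the pattern, so the crash should be reproduced before trusting any offset.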
From here on, just refer to the following screenshot.
Completed.
Sorry if this tutorial is messy and lacks explanation; I was pressed for time because of college. Please comment, and hopefully this is useful. Regards, uuyeeee