Tuesday, 14 February 2012

Buffer Overflow VUplayer

VUPlayer



Okay, this time I try a buffer overflow on VUplayer. The script makes a file to load in VUplayer.




After making the file, load it in VUplayer. VUplayer disappears, which indicates the application crashed. Run VUplayer with OllyDbg and load that file again.




It shows that the application is affected by the character A in ESP and EIP. After that, to produce 1050 bytes of data, execute the pattern create command





and open the created file




Copy that data into the script





Save and load again, staying in OllyDbg, and the result:




Different from the result before: ESP is hit with the 1050 bytes of data. Next, use pattern offset
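The pattern create / pattern offset step above, as an added Python example for crash triage (not the author's script and not Metasploit's code): it generates the same style of non-repeating sequence and maps a register value read in the debugger back to the input offset it came from. The function names and the register values are constructed for illustration.

```python
import struct
from itertools import islice, product
from string import ascii_uppercase, ascii_lowercase, digits

# The Aa0Aa1Aa2... sequence repeats after 26 * 26 * 10 three-byte groups.
MAX_LEN = 26 * 26 * 10 * 3


def pattern_create(length):
    """Return `length` bytes of the non-repeating Aa0Aa1Aa2... sequence."""
    if not 0 <= length <= MAX_LEN:
        raise ValueError("length must be between 0 and %d" % MAX_LEN)
    groups = product(ascii_uppercase, ascii_lowercase, digits)
    needed = (length + 2) // 3  # whole three-byte groups to cover `length`
    text = "".join("".join(g) for g in islice(groups, needed))
    return text[:length]


def pattern_offset(register_value, length):
    """Map a 32-bit register value from the debugger to an input offset.

    x86 is little-endian, so the register shows the four input bytes in
    reverse order; packing with "<I" restores the order they had in the file.
    Returns None when the value did not come from the pattern.
    """
    needle = struct.pack("<I", register_value).decode("latin-1")
    index = pattern_create(length).find(needle)
    return None if index < 0 else index


if __name__ == "__main__":
    # Constructed register values, not taken from the post's screenshots.
    for value in (0x37674136, 0x41414141):
        print(hex(value), "->", pattern_offset(value, 1050))
```

A result of None, as for the all-A value, means the register was not filled from the pattern, so the crash should be reproduced with the pattern file before reading an offset.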




After getting the pattern offset, modify the script again




Here I try to write DADAFAFA in little-endian, so it is written in reverse order. Load that file again in VUplayer, and the result:




After that I try again, but modify the script to be




Save and load again, and the result: the ESP address has the value CCCCCC,




After that, try to search for JMP ESP,




choose shell32.dll


write JMP ESP




After getting the JMP ESP address, modify the script: replace the little-endian value with the JMP ESP address




and the result: the value of EIP is different







Now find the payload using Metasploit. This time I used the Windows bind shell, set as needed






After getting the payload, copy the payload to the script





Save and load again in VUplayer without OllyDbg, and the result:







This position means the application is listening. Now type the command "telnet <ip_target> <port>"







It means I have not made it into

In the second experiment the buffer is instead 7000, and the module that I use is SETUPAPI.dll

and then search for JMP ESP in module SETUPAPI.dll


Modify the script; what is different from the first experiment is the JMP ESP address


Save and load in VUplayer, and this is the result


Find the payload again; after getting it, copy it to the script


Save and load again, and the same thing occurred as in the first experiment: the application is in the listening position. So type telnet <ip_target> <port>




Maybe the payload is still wrong, so I looked for another payload. I try with Windows Bind Shell and eventually get in






and the final result







I can enter


position running VUplayer





