[Figure: VuPlayer on Windows]
Tools:
- Victim (VuPlayer, OllyDbg)
After trying to exploit the RM-Mp3 Converter application, I tried exploiting "vuplayer" next. The methods and principles are the same as in the previous fuzzing and buffer overflow exploit. This time I will not explain the process and how it works in as much detail as before. Read
First, write the fuzzer in Python, Ruby, Perl or C. I chose Python.
[Figure: Fuzzer]
Look at the fuzzer script: when the fuzzer runs, it creates a file named peterpan.m3u. Peterpan is one of many famous music groups. OK, back to the topic.
[Figure: Before VuPlayer]
[Figure: After running the fuzzer]
Create the pattern
[Figure: pattern create]
Edit the fuzzer and paste the pattern output into it.
[Figure: Fuzzer 2]
ESP is overwritten... now look at the EIP value.
[Figure: Overflow]
Find the byte offset with pattern_offset.
[Figure: pattern_offset]
Edit the fuzzer and then write DEADBEEF.
[Figure: DeadBeef]
Run the fuzzer...and....
[Figure: EIP under control]
DEADBEEF and NOP (No Operation) stack junk...
[Figure: Fuzzer with DEADBEEF and NOP stack junk]
After running the fuzzer....
[Figure: EIP under control and stack junk with ccccc]
Open the Executable modules...
[Figure: Executable Modules]
Choose a module; I chose SHELL32.dll and opened it.
[Figure: Shell32.dll module]
Open SHELL32.dll and search for JMP ESP, then set a breakpoint...
[Figure: Search JMP ESP and breakpoint]
Edit the fuzzer and run it again...
[Figure: Fuzzer4]
After the fuzzer runs...
Look at EIP, the stack, and the accessed memory... this is the value that is going to be exploited. Now start msfweb (Metasploit)...
[Figure: msfweb activated]
Go to the browser and open 127.0.0.1:55555 to reach msfweb. Filter the modules; I am using Windows Execute Command to open the calculator. I chose the calculator because its size in memory is small.
[Figure: msfweb filter]
Choose the payload... I chose Windows Execute Command to open the calculator... Don't forget to fill in the restricted characters with 0x00 0x0a 0x0d, because these characters make the payload fail.
[Figure: Calculator Payload]
Generate the payloads...
[Figure: Shellcode or payload]
Let's put the payload into the fuzzer...
[Figure: Fuzzer with payload]
Run the fuzzer and then see what happens when the application tries to load the file named peterpan.m3u.
What happens is that VuPlayer does not just crash: the application terminates and the calculator appears. The direct-return buffer overflow exploit against VuPlayer succeeded... It's so HOT.
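A defensive counterpart to the file the fuzzer produces, as an added example that is not part of the original post: a Python check that flags .m3u entries showing the traits described above (an oversized entry, NOP stack junk, pattern-style filler). The 260-byte limit, the run-length thresholds, the function name and both sample inputs are assumptions constructed for illustration.

```python
import re

MAX_ENTRY_LEN = 260                                  # assumption: Windows MAX_PATH
NOP_RUN = re.compile(rb"\x90{8,}")                   # NOP stack junk
CYCLIC = re.compile(rb"(?:[A-Z][a-z][0-9]){20,}")    # pattern_create-style filler
FILLER = re.compile(rb"(.)\1{199,}", re.DOTALL)      # one byte repeated 200+ times

# Constructed samples: sizes are arbitrary and are not the offsets from the post.
BENIGN = (b"#EXTM3U\r\n#EXTINF:215,Peterpan - Track 01\r\n"
          b"C:\\Music\\peterpan\\track01.mp3\r\n")
SUSPICIOUS = b"A" * 1200 + b"\x90" * 16 + b"\xcc" * 32 + b"\r\n"


def inspect_playlist(data: bytes) -> list:
    """Return (line_number, reason) findings for raw .m3u content."""
    findings = []
    # Payloads built without 0x0a/0x0d stay on one line, so per-line checks suffice.
    for number, entry in enumerate(re.split(rb"\r?\n", data), start=1):
        if not entry:
            continue
        if len(entry) > MAX_ENTRY_LEN:
            findings.append((number, f"entry is {len(entry)} bytes long"))
        if NOP_RUN.search(entry):
            findings.append((number, "run of 0x90 (NOP) bytes"))
        if CYCLIC.search(entry):
            findings.append((number, "cyclic offset-finding pattern"))
        if FILLER.search(entry):
            findings.append((number, "long run of one repeated byte"))
        if any(b < 0x20 and b != 0x09 for b in entry):
            findings.append((number, "control bytes in a text entry"))
    return findings


if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, inspect_playlist(sample))
```

A mail gateway or file-share scanner can run this over incoming playlists and quarantine any file that returns findings.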