Wednesday, 22 February 2012

SEH BIGANT

1. To break the application, the first step is to create a fuzzer, as shown below. Here we use the USV of the BigAnt service, which it already has. Most chat-based applications use the USV.


2. Then run the fuzzer; it will look like this:

3. SEH changes to 414141. To see this, open View > SEH chain, then press Shift+F9.



4. The following will appear, showing that the application has crashed.


5. To get past the SEH protection, the POP, POP, RETN method can be used. The POP command removes the topmost value from the stack into a register, so two POPs discard the two values on top of the stack, and RETN then returns to the next stack value. To find such a sequence, open View > Executable modules, click search on vbajet32.dll and search for the right command sequence in vbajet32, because it can be used to overwrite SEH.





6. As before, so that the value in EIP can be read and the AAAA value replaced, use:



7. Create the fuzzer again by entering the value from pattern_create above, using:



8. Then run the fuzzer above with Shift+F9 and do the same as above; EIP will show 42326742 as follows:







9. To find the offset within the buffer, use pattern_offset by typing:
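Steps 6 to 9 depend on a cyclic pattern in which every 4-byte window is unique, so the bytes that land in EIP identify their position in the buffer. The following is an added example, not code from the original post or from the Metasploit tools it refers to: it reimplements pattern_create and pattern_offset in Python and resolves the EIP value 42326742 from step 8. It assumes the standard Metasploit alphabet (uppercase, lowercase, digit) and a little-endian x86 register; this is the same calculation a crash-triage analyst performs to decide whether a crash has a controlled return address.

```python
import string

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits
MAX_LEN = len(UPPER) * len(LOWER) * len(DIGITS) * 3  # 20280 bytes before repeating


def pattern_create(length):
    """Build a Metasploit-style cyclic pattern ("Aa0Aa1Aa2...") of `length` bytes.

    Triplets are upper+lower+digit with the digit changing fastest; every 4-byte
    window is unique within the first MAX_LEN bytes.
    """
    triplets = []
    for u in UPPER:
        for lo in LOWER:
            for d in DIGITS:
                triplets.append(u + lo + d)
                if len(triplets) * 3 >= length:
                    return "".join(triplets)[:length]
    return "".join(triplets)[:length]


def register_to_bytes(hex_value):
    """Turn a 32-bit register value as the debugger prints it (e.g. "42326742")
    into the characters that were actually in memory.

    x86 is little-endian, so the byte order is reversed: 0x42326742 -> "Bg2B".
    """
    raw = int(hex_value, 16).to_bytes(4, "little")
    return raw.decode("ascii", errors="replace")


def pattern_offset(needle, length=MAX_LEN):
    """Return the offset of `needle` (4 pattern characters) in the pattern,
    or -1 if it does not occur. Pass the output of register_to_bytes() when
    starting from a crash-dump register value."""
    return pattern_create(length).find(needle)


if __name__ == "__main__":
    # Constructed example using the EIP value shown in step 8 of the post.
    eip = "42326742"
    chars = register_to_bytes(eip)
    print(f"EIP {eip} holds {chars!r} -> offset {pattern_offset(chars)}")
```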



10. Do the calculation to see what will happen to it with the right value; I made the fuzzer with DEADDEAD, as below:


11. Then run the fuzzer above with Shift+F9 and do the same as before; EIP will show DEADDEAD.


12. Create a fuzzer that turns the memory into CC, as shown below:

13. Before running the fuzzer above, mark the POP, POP, RETN. Then run the fuzzer. It will produce:







14. Create the fuzzer payload as follows:



15. Run the fuzzer, then connect with telnet.