Save the file in /root/pentest/python.
2. Run RM-MP3 Converter under OllyDbg and open the file overflow.pls.
The result is:
a crash, visible in the register pane.
2. Open a terminal and change into /pentest/exploit/framework/tools.
Run ./pattern_create.rb 55555.
This prints a cyclic string pattern of 55555 bytes.
Paste it into the fuzzer script as the input buffer.
3. Run RM-MP3 Converter under OllyDbg again and open the file built from the pattern. In the result, the registers of RM-MP3
Converter are filled with the string pattern that was entered through the fuzzer.
4. Run pattern_offset.rb in /pentest/exploit/framework/tools to count how many bytes lie between the
start of the pattern and the substring that ended up in the register.
5. Type the script below:
Run RM-MP3 Converter again and note the value in the EIP register.
The value of EIP has changed to DEDCCBBA.
6. Type the script below:
Run the script against RM-MP3 Converter; the stack fills with filler data in the form of the byte \xAB.
7. Open the menu View > Executable modules and locate shell32.dll.
Search for JMP ESP by right-clicking and choosing Search for > Command.
8. Generate the payload with ./msfweb.
Open a browser and go to 127.0.0.1:55555 to reach the Metasploit interface.
Click PAYLOAD, filter by OS:WIN32, and select Windows Bind Shell.
9. Fill in the fields shown below:
Click Generate Payload and look at the result:
10. Put the generated payload into the fuzzer script:
Run the fuzzer against RM-MP3 Converter and observe the result:
RM-MP3 Converter crashes :)
11. Open a terminal, run telnet 192.168.56.101 4444, and observe the result:
The payload succeeded.
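The pattern steps (2 to 4 above) are crash triage: a unique cyclic string is fed to the program, and the register value at the crash tells which input byte reached it. As an added example, not one of the post's scripts (which are not reproduced here), this Python reimplements that create/offset logic so a crash from a fuzzer can be mapped back to a buffer offset; the register value in the usage line is constructed, not taken from the post.

```python
import string
import struct

CHARSETS = (string.ascii_uppercase, string.ascii_lowercase, string.digits)

def pattern_create(length):
    """Build a Metasploit-style cyclic pattern: Aa0Aa1...Aa9Ab0...Az9Ba0...
    Every 3-byte triplet is unique for the first 26*26*10 = 20280 bytes,
    so any 4-byte window in that range identifies its position in the buffer."""
    triplets = []
    while len(triplets) * 3 < length:
        n = len(triplets)
        triplets.append(CHARSETS[0][(n // 260) % 26]
                        + CHARSETS[1][(n // 10) % 26]
                        + CHARSETS[2][n % 10])
    return "".join(triplets)[:length]

def pattern_offset(register_hex, length=55555):
    """Map a crash register value (as the debugger prints it, e.g. '41326341')
    back to the byte offset of the pattern bytes that overwrote it.
    Returns -1 if the value did not come from the pattern at all."""
    value = int(register_hex, 16)
    pat = pattern_create(length)
    # x86 is little-endian: the four pattern bytes in memory appear reversed
    # in the register, so pack the value LSB-first to recover them.
    idx = pat.find(struct.pack("<I", value).decode("latin-1"))
    if idx == -1:
        # Fallback: the value was copied in memory order (e.g. from a hex dump).
        idx = pat.find(struct.pack(">I", value).decode("latin-1"))
    return idx

if __name__ == "__main__":
    # Constructed crash value for illustration, not from the post:
    # EIP = 0x41326341 is the bytes "Ac2A", which sit at offset 66.
    print(pattern_offset("41326341"))  # prints 66
```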