Save the file in /root/pentest/python.
2. Run VUPlayer and open the file serang.pls. If successful, VUPlayer will disappear. I previously used file.m3u,
.asx was executed, and the results were successful
with 2000 bytes.
3. I also ran VUPlayer under OllyDbg and opened the file serang.pls, and the result is:
a crash occurs, as shown in the registers.
4. Open a terminal and go to /pentest/exploit/framework/tools.
Run ./pattern_create.rb 2000.
It prints a string pattern 2000 bytes long;
put that pattern into the fuzzer script.
5. Run VUPlayer under OllyDbg and open the file that contains the pattern. In the result, VUPlayer is filled with the
pattern string that was entered in the fuzzer.
6. Run pattern_offset.rb in /pentest/exploit/framework/tools to count how many bytes there are from the
start of the pattern to the string contained in the register.
7. Type the script below:
Run VUPlayer again and note the value in the EIP register: EIP has changed to DDCCBBAA.
8. Type the script below:
Run the script on VUPlayer Converter; the stack is filled with garbage data in the form of the character \xAA.
9. Open the menu View > Executable modules, then find shell32.dll.
Search for JMP ESP: right-click and choose Search for > Command.
10. Generate the payload using ./msfweb:
open a browser and go to 127.0.0.1:55555 to enter Metasploit.
11. Fill in the data below:
Click Generate Payload and see the result:
12. Put the generated payload into the script below:
Run the script above and see the result:
VUPlayer crashes.
13. Open a terminal and run telnet 192.168.56.101 4444, and see the result:
The payload succeeds.
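
How the byte count in steps 4 to 6 is obtained, as an added example that is not part of the original post: a Python re-implementation of the pattern idea (the function names are this example's own, not Metasploit's code). The register values used are constructed, except DDCCBBAA, which is the value quoted in step 7.

```python
import string
import struct

# Upper/lower/digit triples (Aa0Aa1Aa2...) repeat only after 26*26*10*3 bytes.
MAX_PATTERN = 26 * 26 * 10 * 3


def pattern_create(length):
    """Build a non-repeating marker string of the requested length."""
    if length > MAX_PATTERN:
        raise ValueError("pattern repeats after %d bytes" % MAX_PATTERN)
    triples = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                if len(triples) * 3 >= length:
                    return "".join(triples)[:length]
                triples.append(upper + lower + digit)
    return "".join(triples)[:length]


def pattern_offset(register_value, length):
    """Return how many input bytes precede the 4 bytes seen in a 32-bit
    register, or None if the register does not hold pattern data."""
    # x86 is little-endian: the register's lowest byte is the first byte
    # of the input, so a register reading 0x41306141 holds "Aa0A".
    needle = struct.pack("<I", register_value).decode("latin-1")
    index = pattern_create(length).find(needle)
    return None if index < 0 else index


if __name__ == "__main__":
    pattern = pattern_create(2000)
    print(pattern[:24] + "...")

    # Constructed register value: the four pattern bytes at offset 1000.
    seen = int.from_bytes(pattern[1000:1004].encode("ascii"), "little")
    print("register %08X -> offset %s" % (seen, pattern_offset(seen, 2000)))

    # DDCCBBAA (step 7) is bytes AA BB CC DD in memory, which is not
    # pattern data, so the lookup reports no match.
    print("register DDCCBBAA -> offset %s" % pattern_offset(0xDDCCBBAA, 2000))
```
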