Sunday, 5 February 2012

Direct return when exploiting "WarFTP"


Why can WarFTP be attacked with a direct return in the debugger?
Because this application does not use SEH in its system module.
  • First we create a simple fuzzer for the application.
    Fuzzing feeds the application data that is not normal,
    so that later we can see how the "WarFTP" application goes into an error state and how the EIP gets overwritten.
 
The fuzzer is the script that was created.
On line 5 it tries to change the existing value in the EIP register to DEADBEEF.

Results when run in OllyDbg:
EIP turned into DEADBEEF.
This is what I tell you.

Under normal operation:
  • The ESP register stores the application's local variable data.
  • In the case of WarFTP, this is the data entered via the user command.
  • The ESP buffer stores that data as a frame, with the EBP register pointing to the stack frame.
  • EIP then executes the next WarFTP instruction, which directs control into the application memory that holds the USER input-checking function.
  • The code at that memory address runs on the input and checks whether the user entered exists on the system.
In a buffer overflow condition:
  • The ESP register has no space allocated for the fuzzer's data; because there is too much data, it eventually overwrites the register's own address. The data is in the form of AAAA.
  • With the ESP register full, the system pushes the data on into the next register, EBP.
  • After EBP is overwritten, the data continues on to overwrite the EIP register, and this makes the program crash.

Once a value lands in the EIP register,
an attacker has the opportunity to control the EIP value and change it as they wish.

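To make the frame model above concrete, here is an added example (not code from the original post) that simulates the same stack layout in C: a local buffer, then the saved EBP, then the return address that RET pops into EIP. The buffer size, the placeholder EBP/EIP values and the payload builder are all constructed for the model; it does not talk to WarFTP, it only shows why an overlong input fills EBP with "AAAA" and then puts the trailing DEADBEEF bytes into EIP.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16 /* constructed; WarFTP's real buffer is much larger */

/* Frame in the order the post describes: local buffer, saved EBP, then the
 * return address that RET pops into EIP. Little-endian bytes, as on x86. */
typedef struct {
    unsigned char buffer[BUF_SIZE];
    unsigned char saved_ebp[4];
    unsigned char ret_addr[4];
} frame_t;

static uint32_t le32(const unsigned char *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void put_le32(unsigned char *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (unsigned char)(v >> (8 * i));
}

/* The fuzzer's payload shape: 'A' * fill, then the 4-byte value we expect to
 * land in EIP (0xDEADBEEF in the post). Returns the payload length. */
size_t build_fuzz_input(unsigned char *out, size_t cap, size_t fill, uint32_t eip) {
    if (fill + 4 > cap) return 0;
    memset(out, 'A', fill);
    put_le32(out + fill, eip);
    return fill + 4;
}

/* Copy input over the frame with no length check, as the USER handler does.
 * Clamped to the frame so the model stays well-defined; the real write
 * simply keeps running past the return address. */
frame_t simulate_unchecked_copy(const unsigned char *input, size_t len) {
    frame_t f;
    memset(f.buffer, 0, BUF_SIZE);
    put_le32(f.saved_ebp, 0x0012FF80u); /* constructed placeholder value */
    put_le32(f.ret_addr, 0x00401000u);  /* constructed placeholder value */
    if (len > sizeof f) len = sizeof f;
    memcpy(&f, input, len);             /* runs from buffer into EBP, then EIP */
    return f;
}
uint32_t frame_saved_ebp(const frame_t *f) { return le32(f->saved_ebp); }
uint32_t frame_ret_addr(const frame_t *f) { return le32(f->ret_addr); }

int main(void) {
    unsigned char in[64];
    size_t n = build_fuzz_input(in, sizeof in, BUF_SIZE + 4, 0xDEADBEEFu);
    frame_t f = simulate_unchecked_copy(in, n);
    printf("EBP=%08X EIP=%08X\n", frame_saved_ebp(&f), frame_ret_addr(&f));
}
```

With the fill set to the buffer size plus the 4 bytes of saved EBP, the program prints EBP=41414141 EIP=DEADBEEF; a short input leaves both placeholders untouched.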

Resources: