Minggu, 05 Februari 2012

VULNERABILITY DEVELOPMENT "WarFTP" part 1


to perform the process vulnerability we will use several tools, namely:
- Fuzzer  to perform the process fuzzing(we will create a simple application    with python language)
- Nc to connect to vibox
- Ollydbg as dbuger

in each phase of vulnerabilities development, fuzzing process is an early stage that must be carried out by a security researcher.
  • because the application that will exploitasi FTP Server, we make a simple fuzzer that can transmit data to the FTP protocol.
    fuzzer that make use of language Pyton :
 look at the line to 4. that is, a variable named buffer and in which there is data in the form of the character A total of 1000 (1 characters ASCII to 1 byte  , then the data will be sent 1000 byte.







  • Now try to run the application WarFTP from the WindowsXp "vibox" 
 to run the menu select properties -> start service,  WARFTP it would be idle status.










  •  to connect ftp we'll use nc. look like the picture below :

  •  The next step we will run a fuzzer that we created earlier.
    with the command root@bt: ~ # python xfuzz.py.
WarFTP application disappears from the screen. this occurs because the application be CRASH. when trying to process the data transmitted by fuzzer.
This is sought by security researcher. for successful application is turned off by force using a fuzzer.
  • currently running an application server WarFTP
    will display an error message as below     :

 this occurs because the user configuration file generated by the War FTP becomes damaged.
when fuzzer sends 1000 bytes of data via user commands.
to eliminate such errors we have to remove the file FtpDaemon.DAT


run again the application  WarFTP. and create a user via the user's security dummies.
  • at a later stage we use the debugger application "OllyDbg" to execute  WarFTP server.
    through the application process OllyDebugger all data will be seen clearly and easily, and can we learn    .


click the file, select attach
then select the application warFTP.












after application WarFTP in running.
we repeat, to run the application fuzzer that we have made earlier. and see what happens to the application WarFTP and OllyDbg.
register images in OllyDbg :

look to the fourth register "ESP, EDI, EBP, EIP"
all affected values ​​are converted into ASCII 0x41 into the letter A.







if the EIP register at a aplikai successfully stacked the data, then it can be harmful to the existing operating system,

why like that?
because EIP is used by the operating system to execute what commands to be next executed . EIP stored in the memory address to be executed.
Diposting oleh di

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)