Hi again friends...now we want to learn how to exploit Cool Player v. 219. as usual first we have to find out information about this application and find it's vulnerablity method.
So, we found that we can use file.m3u (playlist file).
1. Make Fuzzer
create new fuzzer and write down the code above, and run it. then read using ollydbg
2. Create pattern offset
Next step is create pattern using pattern_create.rb and put the codes into our fuzzer, and run it again on coolplayer and ollydbg, the result like this
3. JMP ESP
Next step is to find executable module we can use and put the address into our fuzzer. IN this case we can use shell32.dll at JMP ESP command (7C9D30F3) and before we run fuzzer, don't forget do breakpoint at JMP ESP address.
Because of the space of junk left, we can use execute command payload to put in our fuzzer, so the codes will be
Run fuzzer again, and it should be calculator appear in our lab replacing coolplayer.
Tidak ada komentar:
Posting Komentar