Thursday, 11 October 2012

Cool Player 219 Buffer Overflow

Hi again friends... now we want to learn how to exploit Cool Player v. 219. As usual, we first have to gather information about this application and find its vulnerable input.

So, we found that we can use a .m3u file (playlist file).
1. Make a fuzzer
Create a new fuzzer, write down the code above, and run it. Then inspect the crash in OllyDbg.
From the result we know that Cool Player can be exploited using the local direct return method.

2. Create a pattern and find the offset
The next step is to create a pattern using pattern_create.rb, put it into our fuzzer, and run it again on Cool Player under OllyDbg. The result looks like this
Then find the offset of EIP using pattern_offset.rb, and we found


3. JMP ESP
The next step is to find an executable module we can use and put its address into our fuzzer. In this case we can use the JMP ESP instruction in shell32.dll (7C9D30F3). Before we run the fuzzer, don't forget to set a breakpoint at the JMP ESP address.
4. Make the payload
Because of the space left after the junk, we can use an execute-command payload in our fuzzer, so the code will be

Run the fuzzer again, and a calculator should appear in our lab, replacing Cool Player.
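The pattern_create / pattern_offset step above, as an added example that is not code from the original post or from Metasploit: it builds the same cyclic pattern and maps a dword as OllyDbg displays it back to the offset in the buffer. The EIP value `41316141` is a constructed sample, not the value from this crash.

```python
import string

# Length at which the 3-byte groups would start repeating (26 * 26 * 10 * 3).
MAX_UNIQUE = len(string.ascii_uppercase) * len(string.ascii_lowercase) * len(string.digits) * 3


def pattern_create(length):
    """Build the Metasploit-style cyclic pattern (Aa0Aa1Aa2...) of exactly `length` bytes.

    Every 3-byte group is unique within the first MAX_UNIQUE bytes, so any 4-byte
    window found in a register identifies a single offset in the buffer.
    """
    if length > MAX_UNIQUE:
        raise ValueError("pattern longer than %d bytes is no longer unique" % MAX_UNIQUE)
    groups = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                groups.append(upper + lower + digit)
                if len(groups) * 3 >= length:
                    return "".join(groups)[:length]
    return "".join(groups)[:length]


def dword_to_needle(hex_dword):
    """Turn a 32-bit value as OllyDbg shows it (e.g. EIP = 41316141) into the
    4 pattern characters that overwrote it. x86 is little-endian, so the bytes
    are reversed before decoding. latin-1 never fails, so a value that did not
    come from the pattern simply yields a needle that is not found."""
    raw = bytes.fromhex(hex_dword)
    if len(raw) != 4:
        raise ValueError("expected an 8-hex-digit dword")
    return raw[::-1].decode("latin-1")


def pattern_offset(needle, length=5000):
    """Return the offset of `needle` within a pattern of `length` bytes, or -1
    if it is not present (the crash was not caused by this pattern)."""
    return pattern_create(length).find(needle)


if __name__ == "__main__":
    # Constructed sample: EIP reported by the debugger after the crash.
    eip = "41316141"
    needle = dword_to_needle(eip)
    print("EIP %s -> '%s' at offset %d" % (eip, needle, pattern_offset(needle)))
```

An offset of -1 means the register was not overwritten by the pattern at all, which is worth checking before assuming a direct return overwrite.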


