File Sharing Wizard

This time I will be demonstrating the exploitation of SEH another application is file sharing wizard,
just download the application here.
still like the previous post, I use OllyDbg as the media to see the processes that occur therein.
before we look for vulnerability to sniffing tools, wireshark, is carried out to find loopholes that will be our exploitation.
I need not explain how to use wireshark,



http listed there,
this is what we will kick ass :)
we will try to beat from the header.
write a script like this
 
actually we have another way, namely username overflow, but the way it is very difficult, therefore I will try from header only. buum! application disappears, it marks the application crashes, to find out what happens, we try to get into OllyDbg
after running the fuzzer, press SHIFT + F9

  
there appear a lot of character, it is the data that we send over the first script that we created earlier.
that data more regularly and to know how EIP value to hit, we use the create and insert the data pattern from the pattern to the script fuzzer

and then press F9 to pass him by SEH, note the value of EIP and then check using the pattern offset
 
 
 
enter the value we are looking into the script by subtracting 4 bytes fuzzer as a benchmark to determine the value tersebt is just right, write the script as below
 
 
if successful, the value would be like this
  
The next process is to control the CPU
write a script like this
 
 
beware!, the value of \ xF5 \ x08 \ x2D \ X66 is the springboard of the module hnetcfg.dll POP R32, R32 POP, RETN
 
 

 If successful the application will break when the process of passing the address.Do not forget, each running a fuzzer always press shift + F9 in OllyDbg to forward data from the SEH chain into the memory



 the last step is to make web payloads using metasploit
do as the steps below,


 insert the payload into the fuzzer, follow the following steps, Observe the code of each payload so as not to lead to something later
and finally



up to this post, I am still trying to find answers to the exploitation of this application .Keep the spirit!  

Comments

Post a Comment

Popular posts from this blog

EXE file structure

Image
I 'll try to explain how a structure file extension .EXE. EXE is a common file extension indicates an executable file ( program) in the DOS , OpenVMS , Microsoft Windows , Symbian , and others. In addition to the executable program , many EXE files contain other components called resources, such as bitmaps and icons which the executable program to be able
Read more

Filesystem Structure

Image
For this time I will explain about a system file structure there are some that I will explain , among others, are : FAT16 FAT32 NTFS EXT2 EXT3 starting from the first , which is FAT16   FAT16 we start from the first FAT . What is FAT ? FAT File System that is used in Windows Operating System . FAT 's name comes from the use of tables that focus on areas where information is empty or may not be used . To limit the size of the table , the disk space allocated to files in hardware sector groups are adjacent , so-called developing cluster. When disk drive , the maximum number of clusters also
Read more

Introduction Maltego

Image
What is maltego ? Maltego are tools for OSINT (Open Source Intelligence Gathering ) , so OSINT is a method of searching the information available to the public and then analyzed and used for certain purposes maltego also an open- source intelligence and forensics application . This allows for the mining and gathering information and presenting this information in a meaningful way .
Read more