VUPLAYER

For the umpteenth time that I would ruin a music player application :) just please download the application here vuplayer.we try to find any information on this application, it turns out therefeature to enter the playlist, enter a url and so on, we try to loadplaylist. pls with the file that we will create the perl language,just huddled over a script like this

 


and did not make the player crash,



We try to insert data greater,here say using 90 000 data.


we try to load again in vuplayer,


and the result was the same. 

we try to change the file format .pls be .m3u.
hmmm, players showed no signs of that crash.



we try to find another way, there is a feature to enter the URLs, we try to fill with garbage data.
how much you want to fill up



waw has application crash! you smile.



exploitation because the application we can, but do not like before, we try to find another bug,after using the perl language, but can not, what about other languages? like python, c, and others.here I am trying to use python to create a base file. pls to make the application crash,just type in the script as below.



oh mum has application :) we try to raise its value.





owowow, the application crashes!, 




it turns out we've got two bugs so far,do not linger, just our immediate exploitation.The first step is generating the file xxx is to be more regular, we use pattern create follow such steps below 



after tergenerate, we try to enter into a fuzzer application that we created earlier






do repetitions of the load file .pls what happens is the value of EIP and ESP 




next change is to use tools for pattern offset looking into how the value of EIP read.after knowing the value of offset pettern we enter into the application that we created earlier fuzzer





we are looking for the next DEDEBABE type script as below. 




DEDEBABE've read in the EIP address,



now we accumulate the value of EIP with the NOP,do not forget any script that we make our produce pls file execution via load playlists on vuplayer 




if successful, the value in the lower right corner turned into a CCCCC




The next step to find a stepping stone, this time I use shell32.dll do a search of the JMP ESP, 

 


after the value we get, we note that value and put in an application fuzzer that we make,
do not forget to add a payload, such as we used to generate the metasploit web, for more details see the figure below,





 

testing done for the last time by load file. pls vuplayer on media player. turned out to hang, your smile, congratulations, you managed to exploit vuplayer :)

Comments

Popular posts from this blog

Introduction Maltego

EXE file structure