The first thing I do to learn about this application is look at it with Wireshark, and this is the information I have:
So I use this to make this fuzzer to attack the target application:
After doing this, I found this in the SEH chain:
I assume that character 54 is the end of the fuzzer data reaching the SEH chain, and I modified my script like this:
And I run this fuzzer with a fuzz value of 130000:
The application hangs and the characters enter the SEH chain, so I make a pattern with Pattern Create in Metasploit:
After this modification I run the fuzzer once again, and this is the effect after I pass the exception on to the SEH chain with SHIFT+F9; I found the EIP value:
After this I generate the offset with Metasploit right here:
Here I found 6 offset values in pattern offset; I use the last value in the next script right here:
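As an added example (written for this post, not the author's script and not Metasploit's own code), here is a Python reimplementation of what Pattern Create and Pattern Offset do: build the cyclic "Aa0Aa1..." pattern, then look up where a value taken from a register lands in it. The register value is assumed to be a 32-bit x86 value, so its bytes are reversed (little-endian) before searching. Because one cycle of the pattern is only 20280 bytes and the post fuzzes with 130000, the same 4-byte window appears several times, which is why more than one offset is reported.

```python
import string

# Character sets in the order the classic pattern uses: every 3-byte group is
# "Upper lower digit", so any 4-byte window is unique within one cycle of
# 26 * 26 * 10 groups = 20280 bytes.
SETS = (string.ascii_uppercase, string.ascii_lowercase, string.digits)
CYCLE_LEN = len(SETS[0]) * len(SETS[1]) * len(SETS[2]) * 3


def _triples():
    """Endless stream of Aa0, Aa1, ..., Zz9, Aa0, ... groups."""
    while True:
        for a in SETS[0]:
            for b in SETS[1]:
                for c in SETS[2]:
                    yield a + b + c


def pattern_create(length):
    """Return exactly `length` bytes of the cyclic pattern."""
    out, size = [], 0
    for group in _triples():
        out.append(group)
        size += 3
        if size >= length:
            break
    return "".join(out).encode()[:length]


def pattern_offsets(pattern, needle):
    """All offsets at which `needle` occurs in `pattern` (several once the cycle repeats)."""
    hits, start = [], 0
    while True:
        i = pattern.find(needle, start)
        if i < 0:
            return hits
        hits.append(i)
        start = i + 1


def offsets_from_register(pattern, hex_value):
    """Look up a register value such as '41316141': interpret it as a little-endian
    32-bit word, i.e. reverse the bytes, then search the pattern for that window."""
    digits = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    needle = bytes.fromhex(digits)[::-1]
    return pattern_offsets(pattern, needle)


if __name__ == "__main__":
    buf = pattern_create(130000)  # same size the post fuzzes with (constructed input)
    print(buf[:30])
    # A constructed register value: 0x41316141 is the window "Aa1A" read little-endian.
    print(offsets_from_register(buf, "41316141"))
```

Run it as-is to see the pattern head and the list of offsets; each entry after the first is the previous one plus 20280, so the real distance to the overwrite is the value that also fits the crash length observed in the debugger.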
And here is the result of this fuzzer:
After I press SHIFT+F9 this address goes to EIP:
This means I found the EIP address, and now I will find a short jump to make my address land accurately on the landing area.
After finding the address I modify the fuzzer right here:
Here I found I forgot the POP POP RETN; here is my revised address:
And my fuzzer becomes this:
Here there is a null byte, so this address can't be used; I need some trick to continue this fuzzing.
To be continued...