Information Security

open your Applications BigAnt server

restart and then start

after the start and then open the application and select Ollydbg then attack Antserve.exe

but before we make such advance Scribd fuzzer below

then run / do the fuzzing fuzzing step bleak on the previous application

after the fuzzing then in Ollydbg will change as shown below

then we look into the SEH can click view menu and then select the SEH chain, the results as shown below

then we proceed from the SEH chain data into memory by pressing the shift key + F9 then the value of EIP will be changed to 41414141 the results as shown below

then we see that there is data in the memory right click on the line and then select the folowin the stack dump is as shown in the picture below

Within this we will determine the modules to be used, and we can select the
menu view -excuttable modules after that will come out look like below and then we will useVbeajet32.dll

then we find the location of the command POP, POP RETN in the module and we can clickview menu - Excutable module and double click right on file vbajet32.dll.setelah we right click - search for - squence of command

then you will see a dialog box and fill in as shown below

then Ollydbg will lead to memory addresses in the file vbajet32.dll and Ollydbg also beenfound on the memory address vbajet32.dll
namely the affset 0F9A196A

after we make sure that we can use file vbajet32.dll springboard slanjutnya we look at thebyte address of SEH teroverwrite keberapakah in bufreer as shown in the picture below

copy the pattern into the fuzzer
and after that open OllyDbg and BigAnt application, then do the same again as beforefuzzer. after that click open the SEH chain and can press Shift + F9

then do a command as shown below

then make a fuzzer as shown below

then return the editing buffer \ X41 \ X41 \ X41 \ X41 with the address in memoryvbajet32.dll 0F9A196A
as shown in the picture below

do go back a step fuzzer

then we come back looking the same as above. after that click open the SEH chain. bleaklook at the picture below, where the process is sent into the stack
to find the memory address space owned by a larger right-click Follow Dump -> Selection

then will appear as shown below

then make the shellcode and do a command as shown below

a generate

a generate payload

copy into the fuzzer and do step back and the results fuzzer as below

then do the steps as shown below

copy as shown in the picture below

fuzzer run back as before

and the results fuzzer as below

edit your fuzzer as shown in the picture below

fuzzer run back as before

and the results fuzzer as below

edit your fuzzer as shown in the picture below

fuzzer run back as before

and the results fuzzer as below

run your application and fuzzing, after that you press shift + F9

press F7 and result as below

click right 016FFD94 - Follow in Dump - Selection

select buffer of 01 to FF, then click right -Binary -Binary copy

copy andpaste in text editor as picture below

result ganerate and copy in the text editor as picture below

here to help comparememory.pl we can compare the two files where the difference

a generate

copy into the fuzzer and do step back and the results fuzzer as below

fuzzer run back but now without Ollydbg

fuzzer run back after doing telnet 192.168.56.101 4444
result as picture below

explotl sucses...
hufftttt....
:) :) :)

open your aplikasi Vu player

open via Ollydbg as picture below

result

first we create a simple script like the picture below

fuzzer run as in the previous application steps

after that the results of such Ollydbg below

Next we create a script using the command: root @ bt :/ pentest / exploits / framework / tools #. / pattern_create.rb 3000 and the results are shown in the picture below