Thursday 4 October 2012

SEH : BigAnt Server Vulnerability Exploitation

Okay, after learning about non-SEH application exploitation, now we will try to exploit an application that has SEH, or Structured Exception Handling. A little about SEH: SEH is a mechanism provided by the software and hardware to handle exceptions. An exception occurs when an application tries to execute code outside its normal flow, for example in the case of a buffer overflow.
 
Let's begin..

In this practice I use the BigAnt server application. BigAnt server is a server messaging application. This software is built using SEH and the linker's SEH support, which makes it not easy to exploit using a direct RETN to EIP as in the case of WarFTP.



Tuesday 2 October 2012

Easy RM-MP3 Converter Buffer Overflow

Okay guys, in this post I will try to exploit Easy RM-MP3 Converter using a buffer overflow. Do you know what the purpose of this is? To control the operating system where Easy RM-MP3 Converter runs.

In this post I will try to find the vulnerability in Easy RM-MP3 Converter. To find the software vulnerability we can use a buffer overflow. In this practice I use Windows XP SP3 with Easy RM-MP3 Converter installed. The Backtrack version is Backtrack 5 R2.

Let's begin..

- After Easy RM-MP3 Converter is installed, run the application.


Mini-stream RM-MP3 Converter Buffer Overflow

Wednesday 19 September 2012

Exploit WarFTP 1.65 using Buffer Overflow

Okay, now we will learn about attacking a vulnerable application using a buffer overflow. Before that, it would be better if we first understand what a buffer overflow is.

What is a buffer overflow? A buffer overflow is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of a violation of memory safety. Buffer overflows can be triggered by inputs that are designed to execute code or alter the way the program operates. This may result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach of system security.

Now, we will try to attack the vulnerability in WarFTP 1.65 using a buffer overflow. Is anyone asking why we use WarFTP? Because WarFTP does not have any protection against buffer overflow attacks.

The tools that we need to do vulnerability testing with a buffer overflow are:

1. OllyDbg, as a debugger.
2. A fuzzer, for the fuzzing process.
3. Python, for writing the fuzzer and the exploit.
4. Windows XP
5. Backtrack OS

Okay, run WarFTP on Windows XP. If you don't have WarFTP installed on your Windows XP, you can download the WarFTP file at the end of this article.


Monday 17 September 2012

How to enlarge the root partition on Backtrack

Does anyone have the desire to enlarge their Backtrack partition but not know how to do it? Yeah, at first I did not know how either. I had installed gparted in Backtrack, but the root partition still could not be enlarged.


After some searching, I finally found out how to enlarge the Backtrack root partition: using a gparted live USB.

All you have to prepare is the gparted live USB image, which you can download from the official website, and unetbootin.

Download gparted live usb

Download unetbootin




Once everything is ready, make a bootable gparted live USB using unetbootin. Once done, boot your computer from the USB drive and follow the instructions there, and you will have enlarged the root partition.

Sunday 16 September 2012

How to install Tor on Backtrack 5 R2

Hi, long time no see...
Now, I want to share how to install Tor on Backtrack 5 R2. For your information, Tor is free software and an open network that helps you defend against a form of network surveillance known as traffic analysis, which threatens personal freedom and privacy, confidential business activities and relationships, and state security.

Tor is an open source anonymous Internet tool. It protects your personal identity from tracking systems by changing the source IP address frequently. The application creates many virtual tunnels through the Tor network.

Okay, now I will show you a video that explains how to install Tor on Backtrack 5 R2 step by step. I've tried it myself and succeeded.




OK, good luck with your practice..

Saturday 15 September 2012

Advanced Information Gathering using Maltego

After learning about Information Gathering, now we will learn about Advanced Information Gathering. So, what is Advanced Information Gathering? Advanced Information Gathering is more than just Information Gathering.

Advanced Information Gathering is more complex than Information Gathering: we search for more information about the target. According to the given task, we do advanced information gathering about one website. We can use Maltego to gather more information about the website.

First, open the Maltego application...