Thursday 4 October 2012

SEH : BigAnt Server Vulnerability Exploitation

Okay, after learning about exploiting non-SEH applications, we will now try to exploit an application that uses SEH, or Structured Exception Handling. A little about SEH: it is a mechanism provided by software and hardware to handle exceptions. An exception occurs when an application tries to execute code outside its normal flow, for example in the case of a buffer overflow.
 
Let's begin..

In this exercise I use the BigAnt Server application. BigAnt Server is a messaging server application. This software is built using SEH and linker SEH, which makes it not easy to exploit using a direct RETN to EIP as in the case of WarFTP.



Tuesday 2 October 2012

Easy RM-MP3 Converter Buffer Overflow

Okay guys, in this post I will try to exploit Easy RM-MP3 Converter using a buffer overflow. Do you know what the purpose of this is? To control the operating system on which Easy RM-MP3 Converter runs.

In this post I will try to find the vulnerability in Easy RM-MP3 Converter. To find the software vulnerability we can use a buffer overflow. In this exercise I use Windows XP SP3 with Easy RM-MP3 Converter installed. The BackTrack version is BackTrack 5 R2.

Let's begin..

- After Easy RM-MP3 Converter is installed, run the application.


Mini-stream RM-MP3 Converter Buffer Overflow
