As I said in previous blog posts, the purpose of this blog is to share a bit of knowledge with the hacking community, so I'm going to explain step by step how I detected the vulnerability and how I developed the exploit.

One day I decided to play a bit with Moba, and I found that the application does not correctly sanitize the input of the parameter “Specify Username”. If you put in that variable a buffer with at least 17000 A’s, the application is going to crash, overwriting some registers, which can allow an attacker to gain control of the execution flow of the program.

The remote host must exist, and it has to have the port we want to connect to open. During the exploitation process of this vulnerability, the host with the IP 192.168.1.88 had an SSH service running on port 22.

First of all I start the SSH service of my Kali Linux and I create a new SSH session in Moba with the correct IP address of my Kali and port 22. I put 20000 A’s in the Username field and I double-click on the session. The result is a crash in the application.

We let the exception occur and this is what our registers look like; we have control of EIP.

And at this point, the top of the stack looks like this:
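The missing input check described in the post, as an added example that is not part of the original post or the application's own code: the field is validated for length and content before anything is copied into a fixed-size buffer. The names `session_t` and `session_set_username` and the 64-byte limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Assumed limit for this example; the post does not state the real buffer size. */
#define USERNAME_MAX 64

typedef enum { FIELD_OK = 0, FIELD_EMPTY, FIELD_TOO_LONG, FIELD_BAD_CHAR } field_status;

/* Hypothetical session record with a fixed-size username buffer. */
typedef struct {
    char username[USERNAME_MAX + 1];
} session_t;

/* Validate first, copy second: the record is untouched unless the whole input is accepted. */
field_status session_set_username(session_t *s, const char *input, size_t input_len)
{
    if (input_len == 0)
        return FIELD_EMPTY;
    if (input_len > USERNAME_MAX)
        return FIELD_TOO_LONG;            /* reject outright, never truncate silently */
    for (size_t i = 0; i < input_len; i++) {
        unsigned char c = (unsigned char)input[i];
        if (c < 0x21 || c > 0x7e)         /* printable ASCII only, no spaces or control bytes */
            return FIELD_BAD_CHAR;
    }
    memcpy(s->username, input, input_len);
    s->username[input_len] = '\0';
    return FIELD_OK;
}

/* Constructed input: n 'A' bytes, the same shape as the field value used in the post. */
field_status try_oversized_username(session_t *s, size_t n)
{
    char *big = malloc(n);
    if (big == NULL)
        return FIELD_TOO_LONG;            /* treat allocation failure as a rejection */
    memset(big, 'A', n);
    field_status st = session_set_username(s, big, n);
    free(big);
    return st;
}

int main(void)
{
    session_t s = { "kali" };             /* constructed existing value */
    return try_oversized_username(&s, 20000) == FIELD_TOO_LONG ? 0 : 1;
}
```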