Tuesday, 28 January 2014

Buffer Overflow WarFTP (JMP ESP) Part 2

JMP ESP

How do we find a JMP ESP instruction in WarFTP's address space?
We use OllyDbg to debug the process and search its loaded modules for JMP ESP.

1. Run WarFTP and attach OllyDbg to it.
2. In OllyDbg choose View > Executable modules.

3. OllyDbg opens a new window listing every module (DLL) that WarFTP has loaded while running.

4. Choose a library such as user32.dll or shell32.dll. Here we use user32.dll to search for JMP ESP: double-click user32.dll to open it in the CPU window, then right-click > Search for > Command and enter JMP ESP.




OK, we find that the address of a JMP ESP is 7E455313. Next, convert it to little-endian byte order: 7E455313 becomes \x13\x53\x45\x7E, and enter that in fuzzer.py in place of the bytes that overwrite EIP. (Check that none of the four bytes is a character the USER command would reject, such as \x00, \x0A or \x0D; this address has none.)


Run fuzzer.py and check the result in OllyDbg.

The stack is filled with \xCC, but register EIP shows 00AFFD49, not 7E455313. That is what we expect if the JMP ESP executed: EIP has already moved on to the address in ESP, which points into the \xCC bytes on the stack, and the INT3 (\xCC) instruction there is what stopped the debugger. To confirm that execution really passed through 7E455313, set a breakpoint on that address (select it in the CPU window and press F2) and run fuzzer.py again.


Look at the bottom left of the OllyDbg window: we can see that the breakpoint at address 7E455313 was hit.
