Posted: Sat Mar 20, 2010 7:11 pm Post subject: question on exploit writing.
I just want to know: if there is an input box in a Windows application (or any application) that has a buffer overflow vulnerability, but the function that needs to be called to exploit this is not accessible by passing commands to it via a command line like so, "echo aaa | buffer.exe", how would someone get this function to execute with their input in a script like Python? Would I have to open the application and then call that specific function? If so, how could that be done if the function was called foofunction? Any programming language example would be great, or a link to a tutorial if anyone knows of one.
Assuming a Windows GUI application that has the following:
1 - Text box for input data
2 - "Execute" function which handles text box data in a non-secure manner e.g. Buffer Overflow
You could use the Windows APIs to send the appropriate string to the text box. To do this you need to know several things:
1 - The Windows Handle of the text box object
2 - Use the SendMessage/PostMessage API to write the text in the box
3 - Execute the function e.g. Send mouse click to "Execute" button
voila!
Now, you will need a suitable data set to test with, so I suggest using a fuzzer. Have a look at www.peachfuzzer.com; you can fuzz Windows apps with this, and you should be able to script lots of stuff.
This is of course all relying on a truly exploitable app. I suggest writing your own to test it.
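The three steps in the reply above (get the handle, write the text with SendMessage, click the button), as an added example that is not code from this thread. It assumes a top-level window with the given title, a standard "Edit" control and a "Button" captioned "Execute"; the window title, the caption and the oversized input are constructed values. Off Windows the user32 calls go to a small recorder, so the message sequence can still be checked.

```python
import ctypes
import sys

WM_SETTEXT = 0x000C   # winuser.h: set a control's text; lParam points at a NUL-terminated string
BM_CLICK = 0x00F5     # winuser.h: simulate a click on a button control

class RecordingUser32:
    """Stand-in for user32.dll off Windows: records each call instead of sending it."""
    def __init__(self):
        self.calls = []

    def FindWindowW(self, cls, title):
        self.calls.append(("FindWindowW", cls, title))
        return 0x1000  # constructed fake top-level handle

    def FindWindowExW(self, parent, after, cls, title):
        self.calls.append(("FindWindowExW", parent, after, cls, title))
        return 0x2000 if cls == "Edit" else 0x3000  # constructed fake child handles

    def SendMessageW(self, hwnd, msg, wparam, lparam):
        self.calls.append(("SendMessageW", hwnd, msg, wparam, lparam))
        return 1

def load_user32():
    """Real user32 with argtypes pinned (handles are pointer-sized), or the recorder."""
    if sys.platform != "win32":
        return RecordingUser32()
    from ctypes import wintypes
    u = ctypes.WinDLL("user32", use_last_error=True)
    u.FindWindowW.argtypes = [wintypes.LPCWSTR, wintypes.LPCWSTR]
    u.FindWindowW.restype = wintypes.HWND
    u.FindWindowExW.argtypes = [wintypes.HWND, wintypes.HWND, wintypes.LPCWSTR, wintypes.LPCWSTR]
    u.FindWindowExW.restype = wintypes.HWND
    # lParam declared as a wide string so WM_SETTEXT can take a Python str directly
    u.SendMessageW.argtypes = [wintypes.HWND, wintypes.UINT, wintypes.WPARAM, ctypes.c_wchar_p]
    u.SendMessageW.restype = wintypes.LPARAM
    return u

def drive_test_case(user32, window_title, button_caption, payload):
    """Find the window, write payload into its first Edit control, press the button."""
    hwnd = user32.FindWindowW(None, window_title)  # step 1: top-level window handle
    if not hwnd:
        raise RuntimeError("window not found: %r" % window_title)
    edit = user32.FindWindowExW(hwnd, None, "Edit", None)  # first child of class "Edit"
    button = user32.FindWindowExW(hwnd, None, "Button", button_caption)
    if not edit or not button:
        raise RuntimeError("edit box or button not found")
    user32.SendMessageW(edit, WM_SETTEXT, 0, payload)  # step 2: write the text
    user32.SendMessageW(button, BM_CLICK, 0, None)     # step 3: click "Execute"
    return hwnd, edit, button
```

On Windows, run `drive_test_case(load_user32(), "Target App", "Execute", "A" * 600)` with the target open; class names and captions can be read off with Spy++ if the defaults do not match.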
I've been trying to implement the steps you suggested; this is what I have got so far. I'm using SetDlgItemTextA to set the text, but I'm having difficulty using Python to set it. I loaded the executable into IDA Pro but am not too sure how to use the window handle of the text box. Here is my code so far. The code opens the process and tries to write to the input box. Any input, guys? Thanks.
python example.py PID
Code:
import os,sys,subprocess,time
from subprocess import *
from os import *
from ctypes import *
from ctypes.wintypes import *
OK, I've managed to get the window handle, but for some reason it's still not setting my text into the input box. I've asked on Python forums but no one seems to have an answer. Code below.
Code:
import os,sys,subprocess,time
from subprocess import *
from os import *
from ctypes import *
from ctypes.wintypes import *