Sync Breeze Enterprise

Sync Breeze Enterprise v10.0.28

1. Initial Reconnaissance

  • Port Scanning:

    sudo nmap <IP>

    Identify open ports. In this case, port 80 is open.

  • Discover Service and Version: Open Firefox, visit the HTTP page, and find the service version:

    Sync Breeze Enterprise v10.0.28

  • Discover Communication Method: Use Wireshark to capture communication between your machine and the server in a local lab.

2. Fuzzing

  • Simulation: Python script to simulate communication and fuzz the application for potential vulnerabilities.

    # Fuzzing script: POST /login with a username that grows by 100 bytes per request
    import socket
    import time

    c = 100  # current length of the username field
    while True:
        payload = "username=" + 'A' * c + "&password=1234"
        # "...other headers..." stands in for the headers captured with Wireshark;
        # the extra \r\n is the blank line that separates headers from the body
        request = "POST /login HTTP/1.1\r\n" + "...other headers...\r\n" + "\r\n" + payload
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.connect(("192.168.1.4", 80))
            s.send(request.encode())
            s.close()
        except socket.error:
            print("Service stopped responding at username length", c)
            break
        c += 100
        time.sleep(5)

3. Finding the Offset

  • Generate a pattern using Metasploit's pattern_create.rb:

  • Use this pattern in the script and find the offset:

4. Overwriting the EIP

  • Use a payload script with the EIP overwritten:

5. Finding Bad Characters

  • Generate a payload to identify bad characters:

6. Finding the Right Module

  • Use Mona to find modules and identify JMP ESP addresses:

7. Generating Shellcode

  • Use MSFVenom to generate shellcode:

8. Gaining Root

  • Update the Python script with the generated shellcode and listen for the connection using Netcat.
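From the defender's side, the traffic produced by steps 2 through 8 has a recognisable shape: a POST to /login whose username field is far longer than any real username, often a single repeated byte, and later a body carrying non-printable shellcode bytes. The following is an added example, not part of the original write-up, that parses raw HTTP requests and flags that pattern; the 64-byte username limit and the two sample requests are constructed assumptions.

```python
import re
from urllib.parse import parse_qs

USERNAME_MAX = 64  # assumed sane upper bound for a real username
NONPRINTABLE = re.compile(rb"[^\x09\x0a\x0d\x20-\x7e]")


def parse_http_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, path, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, path, _ = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip()
    return method.decode(), path.decode(), headers, body


def inspect_login(raw: bytes):
    """Return a list of findings for one request; an empty list means it looks normal."""
    method, path, headers, body = parse_http_request(raw)
    findings = []
    if method != "POST" or path != "/login":
        return findings
    if NONPRINTABLE.search(body):
        findings.append("non-printable bytes in form body")
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    username = fields.get("username", [""])[0]
    if len(username) > USERNAME_MAX:
        findings.append(f"username length {len(username)} exceeds {USERNAME_MAX}")
    if len(username) > 8 and len(set(username)) == 1:
        findings.append("username is a single repeated byte (fuzzer signature)")
    return findings


# Constructed sample traffic: one ordinary login and one 800-byte 'A' run like the fuzzer above.
BENIGN = (b"POST /login HTTP/1.1\r\nHost: 192.168.1.4\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 28\r\n\r\n"
          b"username=alice&password=1234")
FUZZED = (b"POST /login HTTP/1.1\r\nHost: 192.168.1.4\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 823\r\n\r\n"
          b"username=" + b"A" * 800 + b"&password=1234")

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("fuzzed", FUZZED)):
        print(name, inspect_login(req) or "ok")
```

The same check can be fed from a Wireshark export of the lab capture, which makes it a quick way to confirm that a WAF or IDS rule in front of the service actually sees the oversized field.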
