Once AxMan has enumerated all ActiveX controls on the user's
machine, it is able to fuzz the objects to see if and where the COM object behaves
inappropriately. Based on this inappropriate or unusual behavior, which will be noted
by the browser's and/or operating system's unresponsiveness, AxMan will determine
whether the COM object is vulnerable to a buffer overflow attack that may lead to a
denial of service or remote code execution.
Figure 8-9 Crash of ActiveX object through fuzzing
218 Hacking Exposed Web 2.0
AxMan can be used in two ways: use the tool's online demonstration web site, or use
a local web server to run the tool locally. Both provide the same fuzzing capabilities;
therefore, we will demonstrate the online version. Complete the following steps to fuzz
an ActiveX COM object with AxMan's online version:
1. Visit the AxMan online demonstration interface at
http://metasploit.com/users/hdm/tools/axman/demo/, as shown in Figure 8-10.
2. Before AxMan can fuzz all the CLSIDs, shown in step 3, or the single CLSID,
shown in step 4, a post-mortem debugger should be installed. A post-mortem
debugger will be invoked whenever a crash is detected and can be used to
probe the crashed program for the cause of the crash.
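The following check for step 2 is an added example, not code from the book or from AxMan: it reports which post-mortem debugger Windows will invoke on a crash by reading the AeDebug registry key. It assumes a 64-bit PowerShell session with read access to HKLM; the function name Get-PostMortemDebugger is hypothetical.

```powershell
# Added example: report the post-mortem (just-in-time) debugger registered on this host.
# Windows consults the AeDebug key when a process dies with an unhandled exception.
# Assumption: run from 64-bit PowerShell; a 32-bit session is redirected to Wow6432Node.
$base  = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug'
$views = [ordered]@{ 'Native' = "HKLM:\$base" }
if ([Environment]::Is64BitOperatingSystem) {
    # A 32-bit browser process on 64-bit Windows reads this copy instead.
    $views['32-bit (WOW64)'] =
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug'
}

function Get-PostMortemDebugger {   # hypothetical helper name
    param([string]$View, [string]$Path)

    $result = [pscustomobject]@{
        View = $View; Registered = $false; AutoLaunch = $false; Debugger = $null
    }
    if (-not (Test-Path -LiteralPath $Path)) { return $result }

    $key = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key -and $key.PSObject.Properties['Debugger'] -and $key.Debugger) {
        $result.Registered = $true
        $result.Debugger   = $key.Debugger      # command line Windows will run
    }
    if ($key -and $key.PSObject.Properties['Auto']) {
        # Auto = 1: debugger starts without prompting; Auto = 0: user is asked first.
        $result.AutoLaunch = ("$($key.Auto)" -eq '1')
    }
    return $result
}

$report = foreach ($v in $views.GetEnumerator()) {
    Get-PostMortemDebugger -View $v.Key -Path $v.Value
}
$report | Format-Table -AutoSize

$missing = @($report | Where-Object { -not $_.Registered })
if ($missing.Count -gt 0) {
    $names = ($missing | Select-Object -ExpandProperty View) -join ', '
    Write-Warning "No post-mortem debugger registered for: $names"
}
```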