Fuzzing
PRACTICE ! PRACTICE ! PRACTICE !
So now we know the TRUN command is vulnerable and crashes the program. Let's fuzz the program to get some juicy information!
Run the vulnserver.exe and Immunity Debugger as the Administrator user
Let's write a python script which will automate the Fuzzing process !
We are gonna import sys and socket so that we can specify the target IP and port and connect to the server
We are gonna import sleep so that we can pause for a second before trying the whole thing over again and again
We are declaring a buffer variable that holds 100 A's - We are gonna loop over this and try sending it through the socket each time
AF_INET selects IPv4 and SOCK_STREAM selects a TCP stream socket (the port number goes in the address tuple we connect to)
We are now gonna send our buffer as the argument of a TRUN command - Basically send the 100 A's via the TRUN command
Close the connection and sleep for a second !
And then we are gonna append another 100 A's to the buffer variable, and this keeps going inside the loop until the program crashes
Once we notice that vulnserver.exe has crashed in the debugger, we immediately press CTRL + C to quit our python script; the script then prints the size of the buffer that was being sent when it died - Which gives us an estimate of how many bytes it took to crash vulnserver.exe (the real boundary lies somewhere between the last successful size and this one)
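The length-ramp loop described above, written out as an added example (not the original post's script): `send` is a pluggable callable, and `make_fake_trun_server` is a constructed stand-in for vulnserver that "dies" once the TRUN argument passes a fixed size, so the loop runs offline; the post swaps in a socket-based sender and watches the debugger instead.

```python
"""Length-ramp fuzzer for a TRUN-style command handler (added example)."""
from time import sleep


class TargetCrashed(Exception):
    """Raised by a sender when the target stops accepting input."""


def make_fake_trun_server(crash_at: int):
    """Constructed stand-in for vulnserver (hypothetical, not the real service):
    accepts TRUN arguments up to `crash_at` bytes, then refuses everything."""
    state = {"crashed": False}

    def send(data: bytes) -> None:
        if state["crashed"]:
            raise TargetCrashed("connection refused")   # process is gone
        if not data.startswith(b"TRUN "):
            return                                       # other commands ignored
        payload = data[len(b"TRUN "):]
        if len(payload) > crash_at:
            state["crashed"] = True
            raise TargetCrashed("connection reset")     # overflow kills it

    return send


def fuzz_trun(send, step: int = 100, limit: int = 5000, delay: float = 0.0):
    """Send TRUN with a growing run of A's until the target stops responding.
    Returns (last_ok, first_bad): the overflow boundary lies between them,
    which is why the size printed on Ctrl+C is only an estimate."""
    buffer = b"A" * step
    last_ok = 0
    while len(buffer) <= limit:
        try:
            send(b"TRUN " + buffer)      # A's go in as the TRUN argument
        except TargetCrashed:
            return last_ok, len(buffer)
        last_ok = len(buffer)
        sleep(delay)                     # give the debugger time to show the crash
        buffer += b"A" * step            # grow by one step and try again
    return last_ok, None                 # no crash within the limit


if __name__ == "__main__":
    ok, bad = fuzz_trun(make_fake_trun_server(crash_at=2003))
    print(f"last good size {ok}, crashed at {bad}")
```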
We haven't overwritten EIP yet - that's okay :)