Spiking
PRACTICE ! PRACTICE ! PRACTICE !
Don't forget to:
Disable all your antivirus applications
Disable Microsoft Windows Defender's Real-Time Protection etc., so that we don't have any issues while developing our exploit :)
First, let's start vulnserver.exe and our Immunity Debugger as an Administrator user!
Now, let's attach the vulnserver process to the debugger and run the program. Meanwhile, let's connect to vulnserver from our attacker machine and check the available options :)
nc -nv 192.168.0.104 9999
By default, vulnserver listens on port 9999. If we want a different port, we can simply pass the port number as an argument when running it.
Once we connect to the server, we find many available options, but how do we know which command in this server is vulnerable?
This is where spiking comes into the picture: we write a simple spike (.spk) script which iterates through the command's argument, sending progressively larger and stranger inputs, until the program crashes, which can be seen in the debugger.

These are the available commands in this vulnerable server, so let's start Spikinnnnn'
The tool that automates the iteration, taking our spike script as input, is called generic_send_tcp.
The syntax is very simple :)
./generic_send_tcp host port spike_script SKIPVAR SKIPSTR
SKIPVAR and SKIPSTR tell SPIKE which variable and which fuzz string to resume from; to start from the beginning, pass 0 0 for both.
Let's write a script for a non-vulnerable command such as STATS:
s_readline();
s_string("STATS ");
s_string_variable("0");
And one for a vulnerable command such as TRUN:
s_readline();
s_string("TRUN ");
s_string_variable("0");

This confirms that the TRUN command is vulnerable (the debugger shows the crash for TRUN but not for STATS), so let's start developing our EXPLOIT :)
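What a spike run looks like from the server side is worth knowing too, because the traffic pattern is the same whether or not the command crashes. The following is an added example, not code from the original page or from vulnserver: it takes a constructed list of request lines of the kind a vulnserver-style listener would receive while generic_send_tcp iterates a spike script (fixed command word, growing argument), and flags the commands whose traffic carries the two signatures of spiking, an oversized argument and a run of strictly growing argument lengths. The threshold values MAX_SANE_ARG_LEN and GROWTH_STEPS are assumptions chosen for the example.

```python
from collections import defaultdict

# Constructed sample of what a vulnserver-style listener would see while a
# spike script iterates over a command: the command word stays fixed and the
# argument (the s_string_variable part) grows on every request. Not real data.
SAMPLE_REQUESTS = [
    "HELP",
    "STATS 0",
    "STATS " + "A" * 100,
    "STATS " + "A" * 500,
    "STATS " + "A" * 2000,
    "TRUN 0",
    "TRUN " + "A" * 100,
    "TRUN " + "A" * 500,
    "TRUN " + "A" * 2000,
    "TRUN " + "A" * 5000,
    "STATS normal",
]

MAX_SANE_ARG_LEN = 256   # assumed: longest argument a legitimate client would send
GROWTH_STEPS = 3         # assumed: this many strictly growing lengths in a row = iteration signature


def split_request(line):
    """Split one request line into (COMMAND, argument); the command is the first token."""
    parts = line.rstrip("\r\n").split(" ", 1)
    command = parts[0].upper()
    argument = parts[1] if len(parts) > 1 else ""
    return command, argument


def detect_spiking(requests, max_arg_len=MAX_SANE_ARG_LEN, growth_steps=GROWTH_STEPS):
    """Return {command: [reasons]} for commands whose traffic looks like a spike run.

    Two signals are combined:
      * oversized: any argument longer than max_arg_len
      * growing: a run of growth_steps requests whose argument length strictly
        increases, which is what iterating a fuzz variable looks like on the wire
    """
    lengths = defaultdict(list)
    for line in requests:
        command, argument = split_request(line)
        lengths[command].append(len(argument))

    findings = {}
    for command, seq in lengths.items():
        reasons = []
        if any(n > max_arg_len for n in seq):
            reasons.append("oversized argument (%d bytes)" % max(seq))
        run = 1
        for prev, cur in zip(seq, seq[1:]):
            run = run + 1 if cur > prev else 1
            if run >= growth_steps:
                reasons.append("argument length increasing across %d requests" % run)
                break
        if reasons:
            findings[command] = reasons
    return findings


if __name__ == "__main__":
    for command, reasons in detect_spiking(SAMPLE_REQUESTS).items():
        print(command, "->", "; ".join(reasons))
```

Run against the constructed sample, both STATS and TRUN are flagged even though only TRUN crashes the server: from the network side, spiking is recognisable by the iteration pattern alone, and the crash is only visible in the debugger. A real listener would apply the same check per client connection rather than over a flat list.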