Built Fuzzer for vulnserver.exe using Python

Through searching for information about buffer overflows and exploiting them I found "vulnserver.exe" created by "The Grey Corner" @ http://www.thegreycorner.com/2010/12/introducing-vulnserver.html.

Then I began fuzzing the vulnserver.exe and built the following fuzzer using python, it can be adapted to fuzz other programs by modifying the source code that is listed below.

#!/usr/bin/python

import socket

def optionsMenu(currentCommand, currentChar, currentSize, currentMulti):
print 'Select from the Following Options: '
print '1. List Commands'
print '2. Set Command - "' + currentCommand + '"'
print '3. Set Character or String ("' + currentChar + '")'
print '4. Set String Initial Size ("' + currentChar + '"*' + str(currentSize) + ')'
print '5. Set String Multiplier (("' + currentChar + '"*' + str(currentSize) + ')*' + str(currentMulti) + ')'
print '6. Run Fuzzer'
print '9. Exit'
menuOpt = raw_input('>> ')
return menuOpt

def listCommands(conn):
print
conn.send(('HELP' + '\r\n'))
print conn.recv(1024)

def setString(currentChar):
print
print 'Current Character or String: ' + currentChar
newChar = raw_input('Set Character> ')
return newChar

def setSize(currentSize):
print
print 'Current Initial Size of String: ' + str(currentSize)
newSize = raw_input('Set Size> ')
return newSize

def setMultiplier(currentMulti):
print
print 'Current Multiplier of String: ' + str(currentMulti)
newMulti = raw_input('Set Multiplier> ')
return newMulti

def funcCommand(currentCommand):
print
print 'Current Command: ' + currentCommand
newCommand = raw_input('Set Command> ')
return newCommand

def runFuzzer(conn, currentCommand, currentChar, currentSize, currentMulti):
print
for i in range(0, int(currentMulti)):
buffer = currentCommand + ' '
#buffer = currentCommand + ' .'
buffer += currentChar * (int(currentSize) * (i+1))
buffer += '\r\n'
#print buffer
conn.send((buffer))
print 'Sent: ' + currentCommand + ' .("' + currentChar + '"*' + str(currentSize) + ')*' + str(i+1) + ' Size of buffer: ' + str(len(buffer))
print conn.recv(1024)
print

def main():
global s
setCommand='STATS'
setChar='A'
initialSize=50
intMultiplier=1
menuOption = '0'
while menuOption <> '9':
print
menuOption = optionsMenu(setCommand, setChar, initialSize, intMultiplier)
if menuOption == '1':
listCommands(s)
elif menuOption == '2':
listCommands(s)
setCommand = funcCommand(setCommand)
elif menuOption == '3':
setChar = setString(setChar)
elif menuOption == '4':
initialSize = setSize(initialSize)
elif menuOption == '5':
intMultiplier = setMultiplier(intMultiplier)
elif menuOption == '6':
runFuzzer(s, setCommand, setChar, initialSize, intMultiplier)
elif menuOption == '9':
break
else:
listCommands(s)


server = '172.16.102.132'
sourcePort = 9999
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect = s.connect((server, sourcePort))
# The following line can be uncommented if you need to send first
print s.recv(1024)

main()

s.close()

Comments

Popular posts from this blog

Netflix Streaming Blocked by Sophos UTM

BSides 2016 Hackers Challenge

Python - Vega Conflict Script to Maximize Fleet Sizes based on Fleet Mass

VBA - Script to Download a file from a URL

IoT Malware Analysis - CnC Server - Part 3