I have updated the script to cycle through a series of characters instead of manually changing the character after each iteration of the script. I also added the ability to include the new line, carriage return and line feed, and NOP characters.
I have built this script to introduce the concept of fuzzing in a Computer Science course that I will be teaching.
#!/usr/bin/python
import socket
def optionsMenu(currentCommand, currentChar, currentSeries, currentSize, currentMulti):
print 'Select from the Following Options: '
print '1. List Commands'
print '2. Set Command - "' + currentCommand + '"'
print '3. Set Initial Character or String ("' + currentChar + '")'
print '4. Set String Initial Size ("' + currentChar + '"*' + str(currentSize) + ')'
print '5. Set String Multiplier (("' + currentChar + '"*' + str(currentSize) + ')*' + str(currentMulti) + ')'
print '6. Set Series of Characters to go through after the Initial Character: ' + currentSeries
print '7. Run Fuzzer'
print '9. Exit'
menuOpt = raw_input('>> ')
return menuOpt
def listCommands(conn):
print
conn.send(('HELP' + '\r\n'))
print conn.recv(1024)
def setString(currentChar):
print
print 'Current Character or String: ' + currentChar
print
print 'For the following characters select the numeric value before it:'
print "100. \\n 101. \\r\\n 102. \\x90 or NOP"
print
print '* The above characters can not be used in a series of characters'
print ' at this time.'
print
newChar = raw_input('Set Character> ')
return newChar
def funcSeriesChar(currentSeries):
print
print 'Current Series if Characters or String: ' + currentSeries
newSeries = raw_input('Set Character(s)> ')
return newSeries
def setSize(currentSize):
print
print 'Current Initial Size of String: ' + str(currentSize)
newSize = raw_input('Set Size> ')
return newSize
def setMultiplier(currentMulti):
print
print 'Current Multiplier of String: ' + str(currentMulti)
newMulti = raw_input('Set Multiplier> ')
return newMulti
def funcCommand(currentCommand):
print
print 'Current Command: ' + currentCommand
newCommand = raw_input('Set Command> ')
return newCommand
def runFuzzer(conn, currentCommand, currentChar, currentSeries, currentSize, currentMulti):
print
print currentSeries
if currentSeries == '':
for i in range(0, int(currentMulti)):
buffer = currentCommand + ' '
if currentChar == '100': currentChar = '\x0a'
elif currentChar == '101': currentChar = '\x0d\x0a'
elif currentChar == '102': currentChar = '\x90'
buffer += currentChar * (int(currentSize) * (i+1))
buffer += '\r\n'
#print buffer
conn.send((buffer))
print 'Sent: ' + currentCommand + ' .("' + currentChar + '"*' + str(currentSize) + ')*' + str(i+1) + ' Size of buffer: ' + str(len(buffer))
print conn.recv(1024)
else:
currentSeries = currentChar + currentSeries
for currentSeriesChar in currentSeries:
print currentSeriesChar
for i in range(0, int(currentMulti)):
buffer = currentCommand + ' '
buffer += currentSeriesChar * (int(currentSize) * (i+1))
buffer += '\r\n'
#print buffer
conn.send((buffer))
print 'Sent: ' + currentCommand + ' .("' + currentSeriesChar + '"*' + str(currentSize) + ')*' + str(i+1) + ' Size of buffer: ' + str(len(buffer))
print conn.recv(1024)
def main():
global s
setCommand='STATS'
setChar='A'
setSeriesChar=''
initialSize=50
intMultiplier=1
menuOption = '0'
while menuOption <> '9':
print
menuOption = optionsMenu(setCommand, setChar, setSeriesChar, initialSize, intMultiplier)
if menuOption == '1':
listCommands(s)
elif menuOption == '2':
listCommands(s)
setCommand = funcCommand(setCommand)
elif menuOption == '3':
setChar = setString(setChar)
elif menuOption == '4':
initialSize = setSize(initialSize)
elif menuOption == '5':
intMultiplier = setMultiplier(intMultiplier)
elif menuOption == '6':
setSeriesChar = funcSeriesChar(setSeriesChar)
elif menuOption == '7':
runFuzzer(s, setCommand, setChar, setSeriesChar, initialSize, intMultiplier)
elif menuOption == '9':
break
else:
listCommands(s)
server = '172.16.102.132'
sourcePort = 9999
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect = s.connect((server, sourcePort))
# The following line can be uncommented if you need to send first
print s.recv(1024)
main()
s.close()
Subscribe to:
Post Comments (Atom)
-
Here is a quick walk through of GetBoo. The first item that I found was you can harvest the usernames of the existing users that are regist... -
As I was glancing through the logs of my honeypots I spent some time to look at the following logs. In the past I have just overlooked them... -
I ran a Nikto scan and found the following vulnerability in the report that it produces: "OSVDB-637: Enumeration of users is possible...
-
I thought I would work through a few of these web applications provided by OWASP on their broken web applications VM. The first one I th... -
In the honeypot I found over 276 requests for cgi files that could be accessed to leverage the shellshock vulnerability documented as CVE-20...
No comments:
Post a Comment