Updated Fuzzer for vulnserver.exe

I have updated the script to cycle through a series of characters automatically, instead of changing the character by hand after each run of the script. I also added the ability to use the newline, carriage return plus line feed, and NOP characters.

I have built this script to introduce the concept of fuzzing in a Computer Science course that I will be teaching.

#!/usr/bin/python

import socket

def optionsMenu(currentCommand, currentChar, currentSeries, currentSize, currentMulti):
    """Show the main menu with the current fuzzing settings and read a choice.

    Each settings entry echoes the current value of the setting it changes.

    Returns the raw text typed at the '>> ' prompt; it is not validated here.
    """
    # Shared by entries 4 and 5: "<char>"*<size>
    sizedFill = '"' + currentChar + '"*' + str(currentSize)
    menuLines = (
        'Select from the Following Options: ',
        '1. List Commands',
        '2. Set Command - "' + currentCommand + '"',
        '3. Set Initial Character or String ("' + currentChar + '")',
        '4. Set String Initial Size (' + sizedFill + ')',
        '5. Set String Multiplier ((' + sizedFill + ')*' + str(currentMulti) + ')',
        '6. Set Series of Characters to go through after the Initial Character: ' + currentSeries,
        '7. Run Fuzzer',
        '9. Exit',
    )
    for menuLine in menuLines:
        print(menuLine)
    return raw_input('>> ')

def listCommands(conn):
    """Send the HELP command over *conn* and print the server's reply.

    A single recv() of at most 1024 bytes is performed; anything the server
    sends beyond that stays unread on the socket.
    """
    print('')
    helpRequest = 'HELP\r\n'
    conn.send(helpRequest)
    helpReply = conn.recv(1024)
    print(helpReply)

def setString(currentChar):
    """Prompt for the initial fill character or string.

    The help text lists the numeric codes 100, 101 and 102 as stand-ins for
    newline, CR+LF and the 0x90 byte. The reply is returned exactly as typed;
    no translation of those codes happens in this function.
    """
    print('')
    print('Current Character or String: ' + currentChar)
    print('')
    helpText = (
        'For the following characters select the numeric value before it:',
        "100. \\n 101. \\r\\n 102. \\x90 or NOP",
        '',
        '* The above characters can not be used in a series of characters',
        '  at this time.',
        '',
    )
    for helpLine in helpText:
        print(helpLine)
    return raw_input('Set Character> ')

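def funcSeriesChar(currentSeries):
    """Prompt for the series of characters to fuzz with after the initial one.

    Shows the current series, then returns whatever is typed at the prompt.
    An empty reply returns '', which runFuzzer treats as "no series".
    """
    print('')
    # The label previously read "Series if Characters"; corrected to "of".
    print('Current Series of Characters or String: ' + currentSeries)
    return raw_input('Set Character(s)> ')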

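def setSize(currentSize):
    """Prompt for the initial size (repeat count) of the fuzz string.

    Returns the entered size as an int when the reply is a non-negative whole
    number. Any other reply is rejected with a message and currentSize is
    returned unchanged, so a typo at this prompt no longer surfaces later as a
    ValueError from int() in the middle of a fuzzing run.
    """
    print('')
    print('Current Initial Size of String: ' + str(currentSize))
    reply = raw_input('Set Size> ')
    try:
        newSize = int(reply)
    except ValueError:
        newSize = -1  # fall through to the rejection below
    if newSize < 0:
        print('Size must be a non-negative whole number; keeping ' + str(currentSize))
        return currentSize
    return newSize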

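def setMultiplier(currentMulti):
    """Prompt for the multiplier (number of growing requests per character).

    Returns the entered multiplier as an int when the reply is a non-negative
    whole number. Any other reply is rejected with a message and currentMulti
    is returned unchanged, so a typo at this prompt no longer surfaces later
    as a ValueError from int() when the fuzzer is started.
    """
    print('')
    print('Current Multiplier of String: ' + str(currentMulti))
    reply = raw_input('Set Multiplier> ')
    try:
        newMulti = int(reply)
    except ValueError:
        newMulti = -1  # fall through to the rejection below
    if newMulti < 0:
        print('Multiplier must be a non-negative whole number; keeping ' + str(currentMulti))
        return currentMulti
    return newMulti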

def funcCommand(currentCommand):
    """Show the command currently being fuzzed and prompt for a replacement.

    Returns the text typed at the 'Set Command> ' prompt unchanged.
    """
    print('')
    currentLine = 'Current Command: ' + currentCommand
    print(currentLine)
    return raw_input('Set Command> ')

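# Menu codes accepted as the initial character (listed by the setString
# prompt) and the byte sequences they stand for.
_SPECIAL_FILLS = {'100': '\x0a', '101': '\x0d\x0a', '102': '\x90'}


def _sendGrowingRequests(conn, command, fill, size, steps):
    """Send `steps` requests whose fill grows by `size` repeats each time.

    Request k (1-based) is: command + ' ' + fill * (size * k) + '\\r\\n'.

    Returns True when every request received a non-empty reply, and False as
    soon as a socket error is raised or recv() returns an empty string (the
    peer closed the connection).
    """
    for step in range(1, steps + 1):
        payload = command + ' ' + fill * (size * step) + '\r\n'
        sentNote = ('Sent: ' + command + ' .("' + fill + '"*' + str(size) + ')*'
                    + str(step) + ' Size of buffer: ' + str(len(payload)))
        try:
            conn.send(payload)
            print(sentNote)
            reply = conn.recv(1024)
        except socket.error as sockErr:
            # Record the request size so the failing case can be reproduced
            # and triaged instead of being lost in a traceback.
            print('Connection error on a ' + str(len(payload)) + '-byte request: ' + str(sockErr))
            return False
        if not reply:
            print('Connection closed by the server after a ' + str(len(payload)) + '-byte request')
            return False
        print(reply)
    return True


def runFuzzer(conn, currentCommand, currentChar, currentSeries, currentSize, currentMulti):
    """Send growing requests for the initial fill, then for each series char.

    The initial fill is currentChar, with the menu codes 100/101/102 replaced
    by the byte sequences they stand for. It is always sent as one unit, also
    when a series is set; previously a non-empty series caused the initial
    string to be split into single characters and the codes to go
    untranslated. After the initial fill, each character of currentSeries is
    used in turn.

    currentSize and currentMulti may be ints or numeric strings; int() raises
    ValueError for anything else. The run stops at the first request that gets
    no reply, because the connection is unusable from then on.

    NOTE(review): no timeout is set on the socket anywhere in this file, so a
    server that stops answering without closing the connection blocks recv().
    """
    print('')
    print(currentSeries)
    size = int(currentSize)
    steps = int(currentMulti)
    firstFill = _SPECIAL_FILLS.get(currentChar, currentChar)
    for fill in [firstFill] + list(currentSeries):
        if currentSeries != '':
            # With a series configured, announce which fill is being sent.
            print(fill)
        if not _sendGrowingRequests(conn, currentCommand, fill, size, steps):
            print('Stopping run: the connection is no longer usable.')
            return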

def main():
    """Run the interactive menu loop until option 9 is chosen.

    Holds the fuzzing settings (command, initial character, series, size and
    multiplier) as locals, hands them to the menu on every pass, and
    dispatches on the reply. All server traffic goes through the module-level
    socket `s`.
    """
    global s
    setCommand = 'STATS'
    setChar = 'A'
    setSeriesChar = ''
    initialSize = 50
    intMultiplier = 1
    while True:
        print('')
        menuOption = optionsMenu(setCommand, setChar, setSeriesChar, initialSize, intMultiplier)
        if menuOption == '9':
            break
        if menuOption == '2':
            # Show the available commands first so one can be picked from the list.
            listCommands(s)
            setCommand = funcCommand(setCommand)
        elif menuOption == '3':
            setChar = setString(setChar)
        elif menuOption == '4':
            initialSize = setSize(initialSize)
        elif menuOption == '5':
            intMultiplier = setMultiplier(intMultiplier)
        elif menuOption == '6':
            setSeriesChar = funcSeriesChar(setSeriesChar)
        elif menuOption == '7':
            runFuzzer(s, setCommand, setChar, setSeriesChar, initialSize, intMultiplier)
        else:
            # Option 1 and any unrecognised input both list the server's commands.
            listCommands(s)


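# Host and TCP port the fuzzer connects to.
# NOTE(review): 172.16.102.132 is an RFC 1918 private address, presumably the
# lab VM running vulnserver.exe - confirm before reuse.
server = '172.16.102.132'
# Despite its name, this is the port connected to on the server, not a local
# source port.
sourcePort = 9999
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    s.connect((server, sourcePort))
    # Read and show whatever the server sends on connect before the menu starts.
    print(s.recv(1024))

    main()
finally:
    # Close the socket even when connect() or the menu loop raises.
    s.close()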
