274 ◾ Ethical Hacking and Penetration Testing Guide
black box penetration test where the source code of the application is not available. Since we are up against an FTP server, we have a great fuzzer named Infigo FTPStress Fuzzer v1.0, which was specifically created for fuzzing FTP-based applications. It works by sending long malformed strings to an FTP server; we can choose the type of FTP command we want to fuzz along with the size of the data we would like to send.
Once you have the FTP fuzzer up and running, deselect all the commands and select only the USER and PASS commands; the latter is essential in order to fuzz the former. Once the USER command has been selected, check the “fuzz this FTP command” box.
Next, from the configuration we move on to fuzzing sizes; this is the length of the data the fuzzer will send, starting from 30 bytes and going up to a maximum of 700.
Next we take a look at the fuzzing data. The fuzzing data could be any type of string; however, here we are interested in sending only “A”, so we deselect all and select only “A”. The reason for sending As is that they are easy to recognize in the output, since the hex value of A is 0x41: a 32-bit register overwritten by four of them reads 41414141.
Windows Exploit Development Basics ◾ 275
Next, we enter the host; since my FTP server is running on my local host, I type 127.0.0.1. The port is 21 by default. If your FTP server is running on another port, change it accordingly. The rest of the options should be left unchanged.
Upon fuzzing, our target application crashes and the following window appears; this indicates that something is wrong. The error details reveal that the offset has been overwritten with 41414141, which is the hex equivalent of AAAA: our string of As has replaced the address the program tried to continue executing from, so the crash is caused by our input and not by an unrelated fault.
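The procedure above, reproduced as an added Python script that is not part of the book and not the Infigo tool: for each size from 30 to 700 it opens a fresh session, sends USER followed by that many As, then an unfuzzed PASS, and reports the first length at which the server stops answering (EOF, reset, refusal or timeout). So that it runs offline, the target is a constructed stand-in server that deliberately tears down its connection once the USER argument exceeds a hypothetical 500-byte threshold; the threshold, the fake replies and the port choice are assumptions for the demo only. Point fuzz_user at a real host and port 21 in a lab to use it against an actual service. The as_eip helper shows why As are chosen as the marker: four of them land in a little-endian 32-bit register as 0x41414141.

```python
import socket
import struct
import threading

# Constructed threshold for the stand-in target: it "crashes" once the USER
# argument is longer than this. A real target's limit is what the fuzzer finds.
CRASH_LEN = 500


def _fake_ftp_server(srv):
    """Stand-in target (constructed, not a real FTP daemon). It answers with
    220/331/530 like a minimal server and, when USER's argument exceeds
    CRASH_LEN bytes, closes everything without replying: from the network that
    is exactly what a process dying mid-request looks like."""
    while True:
        conn, _ = srv.accept()
        with conn:
            conn.sendall(b"220 fake FTP ready\r\n")
            line = conn.recv(4096)
            arg_len = len(line) - len(b"USER \r\n")
            if line.startswith(b"USER ") and arg_len > CRASH_LEN:
                srv.close()  # the "crash": no 331, listener gone as well
                return
            conn.sendall(b"331 Password required\r\n")
            conn.recv(4096)  # the PASS line; contents are irrelevant here
            conn.sendall(b"530 Login incorrect\r\n")


def start_fake_server():
    """Bind the stand-in on 127.0.0.1 on any free port (the book uses port 21)
    and serve it from a background thread; returns the port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)
    threading.Thread(target=_fake_ftp_server, args=(srv,), daemon=True).start()
    return srv.getsockname()[1]


def fuzz_user(host, port, sizes, timeout=2.0):
    """Replay what the GUI fuzzer does with only USER marked for fuzzing:
    one session per size, USER <'A' * n> then a fixed PASS. Returns the first
    n at which the server stops responding, or None if every size survives."""
    for n in sizes:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.recv(1024)  # 220 banner
                s.sendall(b"USER " + b"A" * n + b"\r\n")
                if not s.recv(1024):  # EOF instead of 331: server went away
                    return n
                s.sendall(b"PASS test\r\n")  # unfuzzed, completes the sequence
                s.recv(1024)
        except OSError:  # refused, reset or timed out: server is gone
            return n
    return None


def as_eip(marker=b"AAAA"):
    """Value a 32-bit register holds after the four bytes `marker` overwrite
    it on a little-endian x86 stack; for b"AAAA" that is 0x41414141, the
    number shown in the crash dialog."""
    return struct.unpack("<I", marker)[0]


def run_demo():
    """Start the stand-in and fuzz it with the book's size range (30..700)."""
    port = start_fake_server()
    return fuzz_user("127.0.0.1", port, range(30, 701, 10))


if __name__ == "__main__":
    crash_at = run_demo()
    print(f"server stopped responding at USER length {crash_at}")
    print(f"four marker bytes in EIP would read {as_eip():08x}")
```

Sizes are stepped by 10 to keep the run short; a real fuzzing pass would step more finely near the first failure to pin down the exact length, which is what the next stage of the chapter (finding the offset) needs.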