Ethical Hacking and Penetration Testing Guide


Getting the Software Up and Running



Date: 07.08.2023
As mentioned earlier, we will be using the Freefloat FTP Server to demonstrate the vulnerability. You can download the Freefloat FTP Server from one of these links and install it on your Windows XP machine.

http://freefloat-ftp-server.apponic.com/download/

http://www.mediafire.com/?9cds1786340avnn
Once downloaded and installed, executing it will open up the following dialog box:
Causing the Application to Crash
Our next step is to cause the program to crash; for that we will use a fuzzer. A fuzzer is a simple program that sends fixed data to an application to cause it to crash. Fuzzing is done in a black box penetration test, where the source code of the application is not available. Since we are up against an FTP server, we have a great fuzzer named Infigo FTPStress Fuzzer v1.0, which was created specifically for fuzzing FTP-based applications. It works by sending long malformed strings to an FTP server; we can choose the type of FTP command we want to fuzz along with the size of the data we would like to send.
Once you have the FTP fuzzer up and running, deselect all the commands and select only the USER and PASS commands; the latter is essential in order to fuzz the former. Once the USER command has been selected, check the “fuzz this FTP command” box.
Next, from the configuration we move on to the fuzzing sizes; these set the size of the data that the fuzzer will send, starting from 30 up to a maximum of 700.
Next we take a look at the fuzzing data. The fuzzing data could be any type of string. However, 
here we are interested in sending only “A”; therefore we deselect all and select only “A”. The reason 
why we are sending As is that we can easily recognize them in the output, since the hex value of 
A is 41.


Next, we enter the host; since my FTP server is running on my local host, I type 127.0.0.1. The port is 21 by default. If your FTP server is running on another port, change it accordingly. The rest of the options should be left unchanged.
Upon fuzzing, our target application crashes and the following window appears; this indicates that something is wrong.
The error details reveal that the offset has been replaced with 41414141, which is the hex 
equivalent of AAAA.
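
The toy model below is an added example, not code from the book. It assumes the crash comes from an unchecked copy of the USER argument into a fixed-size buffer, and shows why "A" strings of increasing size end up as 41414141 in a saved address and how a length check prevents it. The buffer size, the placeholder address, the step of 10 and all function names are constructed for illustration and do not describe Freefloat's real memory layout.

```python
import struct

BUF_LEN = 64             # constructed buffer size (assumption, not Freefloat's layout)
SAVED_RET = 0x00401000   # constructed placeholder for a saved return address


def new_frame() -> bytearray:
    """Toy stack frame: BUF_LEN-byte buffer followed by a 4-byte saved address."""
    return bytearray(BUF_LEN) + bytearray(struct.pack("<I", SAVED_RET))


def handle_user_unchecked(arg: bytes) -> int:
    """Copy the USER argument with no length check and return the saved address."""
    frame = new_frame()
    n = min(len(arg), len(frame))   # the toy frame ends here; real memory does not
    frame[:n] = arg[:n]
    return struct.unpack_from("<I", frame, BUF_LEN)[0]


def handle_user_checked(arg: bytes) -> int:
    """Same handler with the fix: reject arguments that do not fit the buffer."""
    if len(arg) >= BUF_LEN:
        raise ValueError("USER argument too long")
    frame = new_frame()
    frame[:len(arg)] = arg
    return struct.unpack_from("<I", frame, BUF_LEN)[0]


def fuzz(handler, start=30, stop=700, step=10, fill=b"A"):
    """Try fill*size for each size; return the first (size, saved address) that is corrupted."""
    for size in range(start, stop + 1, step):
        try:
            ret = handler(fill * size)
        except ValueError:
            continue                # input rejected, frame untouched
        if ret != SAVED_RET:
            return size, ret
    return None


if __name__ == "__main__":
    hit = fuzz(handle_user_unchecked)
    print("unchecked:", hit and (hit[0], hex(hit[1])))
    print("checked:  ", fuzz(handle_user_checked))
```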
