The following is a quick and ugly network-based fuzzer scripted in Ruby. It was modified (ever so slightly) to allow the target IP address and destination port to be passed at the command line instead of being hardwired into the script itself.
Example use: quickfuzz.rb Target_IP_Address Target_Destination_Port
Its core application is when you're developing network-based exploits and have a network-based service that you can monitor while the script sends data to it.
The folks at N2NetSecurity have provided a very concise and simple to understand presentation on Exploit Development (located at www n2netsec com slash dump slash techno dot pdf).
Code:
#!/usr/bin/ruby
require 'socket'
##################################################
# Quick & Ugly Fuzzer
#
# quickfuzz v.1.0 - N2NetSecurity, Inc - AAH
#
# www n2netsec com | Reach the security summit...
#
# info [at] n2netsec com
#
# quickfuzz v1.1 - PROTEUS|OCM - EBM
#
# www proteus-ocm net | Answering the "So What if we get hacked?"
#
# info [at] proteus-ocm [dot] net
#
# Updates welcome
##################################################
##################################################
# This script was based off of a presentation
# provided at a recent conference by N2NetSecurity.
# The original script had hard coded IP's within the
# script. I've taken the script and updated it to
# allow for passing along command line arguments of
# the IP address and Destination_Port.
#
# Usage: ruby quickfuzz.rb IP_Address Destination_Port
##################################################
buffer=[]
increment=1
#
# Variables to be passed at the command line and assigned for
# use in identifying buffer overflow.
#
unless ARGV.length == 2
  puts "The correct use of this gem is as follows:"
  puts "Usage: ruby quickfuzz.rb Target_IP_Address Target_Destination_Port"
  puts "Example: ruby quickfuzz.rb 192.168.1.10 445"
  exit
end
target = ARGV[0]
port = ARGV[1]
#
# GIGO-Monkeybone
#
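while buffer.length <= 1000
  buffer << "A" * increment
  # Join the array into one string: on Ruby 1.9 and later, print(buffer)
  # would send the Array's inspect form (["A", "A", ...]) instead of the bytes.
  payload = buffer.join
  print "Sending #{payload.bytesize} bytes... \n"
  sleep(0.25)
  s = TCPSocket.new(target, port)
  s.print(payload)
  s.close
end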
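
To confirm what a loop like this really puts on the wire, the following added example (not part of the original script or the N2NetSecurity presentation) runs a loopback sink that counts the bytes delivered per connection. It compares `print` of the Array buffer with `print` of the joined String on Ruby 1.9 or later. The names `start_sink`, `observed_sizes` and `fuzz_buffers` are assumptions made for this example.

```ruby
require 'socket'

# Loopback sink: accepts connections one at a time and queues the number of
# bytes each one delivered before the sender closed it.
def start_sink
  server = TCPServer.new('127.0.0.1', 0) # port 0: the OS picks a free port
  sizes = Queue.new
  worker = Thread.new do
    loop do
      client = server.accept
      sizes << client.read.bytesize # read until EOF
      client.close
    end
  end
  [server, sizes, worker]
end

# Sends each object with print, one connection per object (as the fuzz loop
# does), and returns the byte counts the sink saw, in order.
def observed_sizes(objects)
  server, sizes, worker = start_sink
  port = server.addr[1]
  objects.each do |obj|
    s = TCPSocket.new('127.0.0.1', port)
    s.print(obj)
    s.close
  end
  seen = objects.map { sizes.pop }
  worker.kill
  server.close
  seen
end

# Constructed input: the fuzz buffer as it looks after 1, 2 and 10 iterations.
def fuzz_buffers
  [1, 2, 10].map { |n| Array.new(n, "A") }
end

if __FILE__ == $0
  as_array  = observed_sizes(fuzz_buffers)
  as_string = observed_sizes(fuzz_buffers.map(&:join))
  puts "print(buffer)      -> #{as_array.inspect} bytes on the wire"
  puts "print(buffer.join) -> #{as_string.inspect} bytes on the wire"
end
```

If the reported length and the sink's byte count disagree, any length noted during a test run does not describe the payload the service actually received.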