I'm trying to learn up on the topic of fuzzing. I'm using VMware Workstation for the BackTrack 3 & unpatched XP SP1 box. What I'm trying to do is the UltraVNC 1.0.1 buffer overflow & the RealVNC 3.3.7 buffer overflow. Basically, when I set up the exploit on BackTrack and then attempt to connect to it from the XP box, all that happens is the program crashes in both cases (Ultra & Real). I attempted to look at the crash in OllyDbg but to little avail. What I would like to do is recreate the crash manually, find a place for shellcode, and tell the program to jump to the shellcode. I appreciate any help that you're willing to give. I'm basically just trying to recreate the buffer overflow to better understand how it all works. Thanks again for all your help.
I have just finished reading this book. It's easy to understand if you have a programming background. I can still say that I have a lot more to learn about fuzzing even after reading this book.
Do you realize that those exploits are most likely version-specific AND operating-system-specific? Also, do you realize that you must be using UltraVNC in order to use the UltraVNC exploit, as the RealVNC exploit will most likely not work?
Fuzzing is just part of the required knowledge in order to properly exploit programs. On top of that, you must know what to look for and how to write proper exploits for each program. It is a must to know how to program and to have a great understanding of any protocols your target is using, along with in-memory fuzzing and file fuzzing.
Notice that it might be possible that the exploits you're trying to use have been purposely miscoded in order to keep skiddies from using them at will.
There is no easy way to learn this so don't ask for it.
Thanks hhmatt81 for your time and input. I'll def give the book a read. And I have an understanding of how buffer overflows work and why, just wanting to further my knowledge on the subject. Thanks again.
Go to Google, type in "fuzzing pdf", and you will find there is a very large volume of information that is available for viewing.
It is free, so you won't necessarily have to buy a book from Amazon, and you can get it without the wait.
This is a very useful way to get information on many subjects, as Google finds PDF files.
The first search result is interesting; I can't post links yet as I am still a no00ob.
portable w3af UI GTK !!
WebInspect has a click fuzzer
webscarab i use sometimes too
some stuff you may not know about
dd if=/dev/urandom of=/mybrain
Jon kinda did these in reverse. The first edition was an "advanced" view at elite exploitation techniques using various overflows and network (wired/wireless) protocol/programming flaws. The second edition is a more in-depth view of, for instance, OOD (Object Oriented Design) and language architectures. I'd recommend the first edition if you are looking into fuzzing, as the techniques shown in the book are exactly what fuzzing looks for.
"The goal of every man should be to continue living even after he can no longer draw breath."