
Thread: Quick & Ugly Ruby Network based Fuzzer

  1. #1
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    3

    Quick & Ugly Ruby Network based Fuzzer

    The following is a quick and ugly network based fuzzer scripted in Ruby. It was modified (ever so slightly) to allow for IP address and Destination port to be passed at the command line instead of being hardwired into the script itself.

    Example use: quickfuzz.rb Target_IP_Address Target_Destination_Port

    Its core application and use is when you're developing network based exploits and have a network based service that you can monitor and watch the target service.

    The folks at N2NetSecurity have provided a very concise and simple to understand presentation on Exploit Development (located at www n2netsec com slash dump slash techno dot pdf).


    Code:
    #!/usr/bin/ruby
    ##################################################
    require 'socket'
    
    ##################################################
    # Quick & Ugly Fuzzer  
    #
    # quickfuzz v.1.0 - N2NetSecurity, Inc - AAH
    #
    # www n2netsec com | Reach the security summit...
    #
    # info [at] n2netsec com 
    #
    # quickfuzz v1.1 - PROTEUS|OCM - EBM
    #
    # www proteus-ocm net | Answering the "So What if we get hacked?" 
    #
    # info [at] proteus-ocm [dot] net   
    #
    # Updates welcome
    ##################################################
    
    ##################################################
    # This script was based off of a presentation  
    # provided at a recent conference by N2NetSecurity.
    # The original script had hard coded IP's within the
    # script.  I've taken the script and updated it to
    # allow for passing along command line arguments of
    # the IP address and Destination_Port.
    #                                                                  
    # Usage: ruby quickfuzz.rb IP_Address Destination_Port
    ##################################################
    
    buffer=[]
    increment=1
    
    #
    # Variables to be passed at the command line and assigned for
    # use in identifying buffer overflow.
    # 
    unless ARGV.length == 2
            puts "The correct use of this gem is as follows:"
            puts "Usage: ruby quickfuzz.rb Target_IP_Address Target_Destination_Port"
            puts "Example: ruby quickfuzz.rb 192.168.1.10 445"
            exit 1
    end
    
    target = ARGV[0]
    port = ARGV[1]
    
    #
    # GIGO-Monkeybone
    #
    
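    # Grow the payload by `increment` bytes on every pass and send it
    # over a fresh TCP connection each time.
    while buffer.length <=1000
            buffer << "A"*increment
            # Array#to_s is #inspect on Ruby 1.9+, so join the pieces to
            # send the raw bytes instead of the text ["A", "A", ...].
            payload = buffer.join
            print "Sending #{payload.length} bytes... \n"
            sleep(0.25)
            s=TCPSocket.new(target, port)
            s.print(payload)
            s.close
    end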
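
Seen from the monitoring side, the traffic this script produces is distinctive: one new connection per attempt, each carrying a longer run of a single repeated byte. The following is an added example, not part of the original post or the N2NetSecurity script; the record fields (`:src`, `:dport`, `:payload`), the function names and the sample addresses are assumptions about how captured traffic is represented.

```ruby
# Added example: flag sources whose payloads to one port are a single
# repeated byte and grow on every connection (the quickfuzz.rb pattern).
# Record fields (:src, :dport, :payload) are an assumed capture format.

# True when the payload is one byte value repeated (e.g. "AAAA").
def filler?(payload)
  !payload.empty? && payload.bytes.uniq.length == 1
end

# Returns one finding per (src, dport) whose longest run of strictly
# growing filler payloads reaches min_run connections.
def detect_length_sweeps(records, min_run: 5)
  findings = []
  records.group_by { |r| [r[:src], r[:dport]] }.each do |(src, dport), recs|
    best = []
    run = []
    recs.each do |r|
      len = r[:payload].bytesize
      if filler?(r[:payload]) && (run.empty? || len > run.last)
        run << len
      elsif filler?(r[:payload])
        run = [len]          # filler but not growing: start a new run
      else
        run = []             # ordinary traffic breaks the run
      end
      best = run.dup if run.length > best.length
    end
    next if best.length < min_run
    findings << { src: src, dport: dport, connections: best.length,
                  first_len: best.first, last_len: best.last }
  end
  findings
end

# Constructed sample records, in arrival order.
SAMPLE = (1..8).map { |n| { src: "10.0.0.5", dport: 9999, payload: "A" * n } } +
         Array.new(6) { { src: "10.0.0.7", dport: 9999, payload: "GET / HTTP/1.0\r\n\r\n" } } +
         Array.new(6) { { src: "10.0.0.9", dport: 9999, payload: "AAAA" } }

detect_length_sweeps(SAMPLE).each do |f|
  puts "#{f[:src]} -> port #{f[:dport]}: #{f[:connections]} growing filler " \
       "payloads (#{f[:first_len]}..#{f[:last_len]} bytes)"
end
```

Only the first constructed source is reported; the repeated HTTP request and the fixed-size "AAAA" payloads never form a growing run.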

  2. #2
    Super Moderator lupin
    Join Date
    Jan 2010
    Posts
    2,943

    Edited your post a little to make it more readable OP.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
