
Thread: Fuzzing Advice (trying to BOF SLmail 5.5.0.4433 - known to be vulnerable)

  1. #1

    Fuzzing Advice (trying to BOF SLmail 5.5.0.4433 - known to be vulnerable)

    Hey guys, I'm trying to practice my BOF technique and so have downloaded some software that is known to be vulnerable: SLmail 5.5.0.4433. I've set it up on a Windows XP VM, and am trying to force a crash from my BT VM.

    I made my own Python script to flood it with a command followed by x amount of As, but it got to the point where my counter was so large the script just wouldn't run.

    As such I turned to the tools on BT; first off I tried BED, which couldn't force a crash, and since then I have been trying with SPIKE.

    From what I've read SPIKE is the most commonly used, but I can't find a clear guide on how to use it - or one that I understand, anyway. I'm pretty sure I'm out of my depth here, but that's the best way to learn really. There is a runspkwizard.py which is meant to be helpful, but running that produced errors, which I fixed, only to find there were further errors which were beyond my current grasp of Python.

    In any case I just gave it a go with this command:

    ./line_send_tcp 192.168.x.x 25 blocktest1.spk 0 0

    and this is connecting to the server and working (currently reading: Fuzzing variable 0:146666). It's been going for about 8 hours though with no joy, so my questions really are am I on the right track? Is my command ok? Are there any other avenues I could explore?

    There are working exploits out there for this software, but I really don't want to cheat and would much rather someone point me in the right direction =)

    Any help is much appreciated!

    Thanks!

  2. #2

    Re: Fuzzing Advice (trying to BOF SLmail 5.5.0.4433 - known to be vulnerable)

    Well, I gave up trying to fuzz it with a program and googled it, which revealed which command was vulnerable. After that I just adapted my original script to find the number of chars necessary to cause a BOF.

    I guess the moral is that in these situations you're best off trying to fuzz each command one by one, as opposed to using a program to do it for you.

    Cheers

  3. #3
    Administrator sickness

    Re: Fuzzing Advice (trying to BOF SLmail 5.5.0.4433 - known to be vulnerable)

    BED usually shows at which command the crash occurs; at least it worked for me.
