Results 1 to 9 of 9

Thread: [Video] sickfuzz v0.2

Threaded View

  1. #1
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010

    Lightbulb [Video] sickfuzz v0.2

    Watch video on-line (sickfuzz v0.2):
    Download video (sickfuzz v0.2):
    Notes on sickfuzz v0.3:
    Install script (sickfuzz v0.3):

    Brief Overview
    This video is a brief introduction into "fuzzing". The author, sickn3ss requested a video to demonstrate his latest project called sickfuzz. You can read what hes got to say about it here.

    Fuzzing is sending invalid, unexpected or random data to the inputs and watching what happens to the program in question. An example; Lets say there is a question "Have you got milk?", which has the answers as either "Yes" or "No". What happens when you try "Maybe","-1" or "34c96c@23" instead? The results of the programming miss-handling the input may crash the program leading it to a security issues such as (un)exploitable buffer overflows, Denial Of Service (DoS) etc.

    "A fuzzer is a program which injects automatically semi-random data into a program/stack and detect bugs."~ owasp

    * Setup a web server
    * Check status
    * Fuzz it
    * Watch for response
    * Check status
    * Repeat
    * Analyse captured packets

    What do I need?
    * sickfuzz - Download here
    * Python - Download here (Comes with backtrack 4 r2)
    * SPIKE - Download here (Comes with backtrack 4 r2)
    * tshark - Download here (Comes with wireshark that can be found in backtrack 4 r2)
    * Web servers - Below are the ones used in the demostation
    * Name: Savant Web Server
    * Homepage:
    * Download:
    * Sickfuzz Script: 1

    * Name: PMSoftware Simple Web Server
    * Homepage:
    * Download:
    * Sickfuzz Script: 5

    * Name: MiniShare
    * Homepage:
    * Download:
    * Sickfuzz Script: 1

    Walk through
    The user first downloads, installs and configures a web server of their choosing. After which scans the network for the server, and checks for the open port.

    After downloading the latest and greatest version of sickfuzz (Don't forget to add it to your svn collection, which simplifies updating it) the user extracts it, runs it for the first time and sees the help screen.

    After typing in all the necessity command line options, Before any fuzzing happens sickfuzz checks if the port is open, if it is then automatically starts capturing (using tshark - command line version of wireshark) allowing for the user to analyse how the web server responds.

    Sickfuzz uses SPIKE to send a collection of known issues for web servers as it currently supports a mixture of techniques in URLs and header fuzzing fields:
    * GET /
    * GET /abc=
    * HEAD /
    * POST /
    * GET / (HTTP/1.1)
    * HEAD / (HTTP/1.1)
    * POST / (HTTP/1.1)
    * Authorization:
    * Content-Length:
    * If-Modified-Since:
    * Connection:
    * X-a:

    During the fuzzing, sickfuzz checks to see whether the service has crashed (however some times this isn't until the program has closed. For example: PMSoftware's SWS, it wasn't until the user clicked "Okay" on the crashed message, did the web server stop responding). If it (the server) has crashed, sickfuzz will stop and exit.

    After it has tried all the fields, depending on sickfuzz, it will either stop (-scripts x) or try the next field (--scripts all).

    When sickfuzz has ended, the user can then analyse the collected packets for themselves to see what caused the crash.

    nmap -n -sP -sn
    nmap -T5
    tar zxvf sickfuzz_v02.tar.gz
    cd sickfuzz
    #Savant Web Server
    nmap -p 80 -sV
    ./ --spike /pentest/fuzzers/spike/ --fpath /root/sickfuzz/ --script 1 --ip --port 80 --iface eth0 --log /root/
    nmap -p 80 -sV
    firefox ->
    firefox ->
    ./ --script-show
    ./ --spike /pentest/fuzzers/spike/ --fpath /root/sickfuzz/ --script 5 --ip --port 80 --iface eth0 --log /root/
    wireshark -> Filter -> http && ip.addr ==
    firefox ->
    ./ --spike /pentest/fuzzers/spike/ --fpath /root/sickfuzz/ --script all --ip --port 80 --iface eth0 --log /root/
    * For more information on up on fuzzing, check fuzzing on wikipedia and owasp

    Song: Clutch - 10001110101
    Video length: 5:00
    Capture length: 31:19
    Blog Post:
    Forum Post:

    Last edited by g0tmi1k; 03-13-2011 at 12:21 PM.
    Have you...g0tmi1k?

Similar Threads

  1. Replies: 21
    Last Post: 03-02-2011, 07:06 PM
  2. Please help me get my Video working.
    By ktgohdt125 in forum Beginners Forum
    Replies: 1
    Last Post: 06-03-2010, 07:31 AM
  3. Video: Nmap Video Tutorial 2: Port Scan Boogaloo
    By Irongeek in forum OLD Tutorials and Guides
    Replies: 0
    Last Post: 05-30-2008, 08:07 PM
  4. Video: Nmap Video Tutorial 2: Port Scan Boogaloo
    By Irongeek in forum OLD BT1, Whax and Auditor Videos
    Replies: 0
    Last Post: 05-30-2008, 08:07 PM
  5. Just for fun video
    By bluster in forum OLD General IT Discussion
    Replies: 4
    Last Post: 04-29-2008, 03:14 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts