#!/usr/bin/env python # Fuzzing the initial 4-byte packet from client to CheckPoint VPN server. import time import sys from sulley import * # Time to wait between mutations SLEEP_TIME=0.5 # Time to wait before claiming a host is unresponsive TIMEOUT=3 # number of crashes to observe before skipping the remainder of a group CRASH_THRESHOLD=3 # Initialize the Sulley mutation descriptor s_initialize("SecuRemote-Initial-Packet") s_byte("\x51",full_range=True) s_static("\x00\x00\x00") print "Total mutations: " + str(s_num_mutations()) + "\n" print "Minimum time for execution: " + str(round(((s_num_mutations() * (SLEEP_TIME))/3600),2)) + " hours." print "Press CTRL/C to cancel in ", for i in range(5): print str(5 - i) + " ", sys.stdout.flush() time.sleep(1) # For debugging purposes, uncomment these lines to see Sulley's mutations # in hex dump format #print "Hex dump mutation output:" #while s_mutate(): # print s_hex_dump(s_render()) sess = sessions.session(session_filename="SecuRemote-Initial-Packet.sess", sleep_time=SLEEP_TIME, timeout=TIMEOUT, crash_threshold=CRASH_THRESHOLD) # Tie this session to the SecuRemote-Simple-String fuzzing cases sess.connect(s_get("SecuRemote-Initial-Packet")) # Change this IP address to the target system target = sessions.target("127.0.0.1", 264) # Add the target to the session (can be repeated for multiple targets) sess.add_target(target) # Kick off the fuzzer, monitoring with WebUI on localhost:26000 sess.fuzz()对有状态的协议进行测试
#!/usr/bin/env python from sulley import * SLEEP_TIME=0.5TIMEOUT=3CRASH_THRESHOLD=3# The function Sulley will run prior to sending each mutation. We leverage # it to setup the target system with the initial packets and response in the # protocol exchange prior to our target packet. def preconn(sock): sock.send("\x51\x00\x00\x00") time.sleep(0.5) sock.send("\x00\x00\x00\x21") # Set a socket timeout on the recv so we aren't waiting indefinitely if # the server crashed from a previous test case. sock.settimeout(5) response = sock.recv(4) print "Setup response: ", for i in response: print "%02x" % ord(i), print s_initialize("SecuRemote-Simple-String") # Create a size field, which is based on the content of the named block # Sulley uses ">" to indicate big-endian values, "<" is little-endian s_size("client-name-string", length=4, endian=">") # This is the block of data used for filling in the s_sizeif s_block_start("client-name-string"): # "securemote" is the default string s_string("securemote") # constant null terminator s_byte("\x00") s_block_end() sess = sessions.session(session_filename="Securemote-Simple-string.sess", sleep_time=SLEEP_TIME, timeout=TIMEOUT, crash_threshold=CRASH_THRESHOLD) # Call preconn() before each mutation is sent to setup the target sess.pre_send = preconn sess.connect(s_get("SecuRemote-Simple-String")) target = sessions.target("127.0.0.1", 264) sess.add_target(target) sess.fuzz()成果
后台管理员是网站后台必不可少的一个环节,如何使用aspmaker实现超级管理与普通管理员登陆后台。下面就详细讲解一下。 第一步,首先打开一个已经设置好的aspmaker文件,在工具条中点击“...
先给大伙说一下XSS的技术专业表述吧! 什么叫XSS进攻? 每每程序运行的新网页页面中包括不会受到信赖的、未历经适当认证或转义的数据信息,或是应用能够建立JavaScript 的电脑浏...
测试版本:IIS版V3.3.09476(2014-09-24)、Apache V3.1.08512(2014-05-29),均为今天能下到的最新版。 用于绕过的核心字符:%0A,某些特殊场合...
我们在第二课立即用指令: sqlmap.py -u http://localhost/book/admin/lyedit.php?ly_id=2 -p ly_id 获得了后台管理管员的登录名和登陆密...
什么是AppScan? AppScan在全部运用软件开发生命期中开展安全性测试,在设计阶段初期出示安全系数确保,并开展简单化单元测试卷。该专用工具能够扫描仪很多普遍的系统漏洞,比如HTTP回应切分,...
依据关键创作者和开发者的叫法,THC Amap是一个网络黑客和渗入专用工具,是实行程序运行协议书检验的第一个专用工具。可是,一定要注意,假如您对这一迷你型专用工具很感兴趣,那麼您将会最好是应用nma...