#!/usr/bin/env python # Fuzzing the initial 4-byte packet from client to CheckPoint VPN server. import time import sys from sulley import * # Time to wait between mutations SLEEP_TIME=0.5 # Time to wait before claiming a host is unresponsive TIMEOUT=3 # number of crashes to observe before skipping the remainder of a group CRASH_THRESHOLD=3 # Initialize the Sulley mutation descriptor s_initialize("SecuRemote-Initial-Packet") s_byte("\x51",full_range=True) s_static("\x00\x00\x00") print "Total mutations: " + str(s_num_mutations()) + "\n" print "Minimum time for execution: " + str(round(((s_num_mutations() * (SLEEP_TIME))/3600),2)) + " hours." print "Press CTRL/C to cancel in ", for i in range(5): print str(5 - i) + " ", sys.stdout.flush() time.sleep(1) # For debugging purposes, uncomment these lines to see Sulley's mutations # in hex dump format #print "Hex dump mutation output:" #while s_mutate(): # print s_hex_dump(s_render()) sess = sessions.session(session_filename="SecuRemote-Initial-Packet.sess", sleep_time=SLEEP_TIME, timeout=TIMEOUT, crash_threshold=CRASH_THRESHOLD) # Tie this session to the SecuRemote-Simple-String fuzzing cases sess.connect(s_get("SecuRemote-Initial-Packet")) # Change this IP address to the target system target = sessions.target("127.0.0.1", 264) # Add the target to the session (can be repeated for multiple targets) sess.add_target(target) # Kick off the fuzzer, monitoring with WebUI on localhost:26000 sess.fuzz()对有状态的协议进行测试
#!/usr/bin/env python from sulley import * SLEEP_TIME=0.5TIMEOUT=3CRASH_THRESHOLD=3# The function Sulley will run prior to sending each mutation. We leverage # it to setup the target system with the initial packets and response in the # protocol exchange prior to our target packet. def preconn(sock): sock.send("\x51\x00\x00\x00") time.sleep(0.5) sock.send("\x00\x00\x00\x21") # Set a socket timeout on the recv so we aren't waiting indefinitely if # the server crashed from a previous test case. sock.settimeout(5) response = sock.recv(4) print "Setup response: ", for i in response: print "%02x" % ord(i), print s_initialize("SecuRemote-Simple-String") # Create a size field, which is based on the content of the named block # Sulley uses ">" to indicate big-endian values, "<" is little-endian s_size("client-name-string", length=4, endian=">") # This is the block of data used for filling in the s_sizeif s_block_start("client-name-string"): # "securemote" is the default string s_string("securemote") # constant null terminator s_byte("\x00") s_block_end() sess = sessions.session(session_filename="Securemote-Simple-string.sess", sleep_time=SLEEP_TIME, timeout=TIMEOUT, crash_threshold=CRASH_THRESHOLD) # Call preconn() before each mutation is sent to setup the target sess.pre_send = preconn sess.connect(s_get("SecuRemote-Simple-String")) target = sessions.target("127.0.0.1", 264) sess.add_target(target) sess.fuzz()成果
特别友情提示:最近路由器密码泄漏事件非常多,公布一组各类路由器默认账号密码,你是否中招?亲赶紧改密码吧!! 品牌:ViKing 用户名:adsl 密码:adsl1234 品牌:实达默认IP:...
什么叫GDB? GDB或GNU Project程序调试是一种网络信息安全数据加密/黑客工具,容许客户在运作时在网络技术应用程序流程或程序流程(手机软件)中开展财务审计和发觉。GDB针对开发者或程序猿...
作为网络爱好者,我们中的很多人都有一个黑客梦,就如同多数男孩都有一个武侠梦。黑客们凭借着高超的电脑技术、来无影去无踪的身手,宛如一个个武艺高超,轻功卓越的大侠在我们眼前飘过,令人心驰神往,却又可遇而不...
一、Ewebeidtor编辑器漏洞 eWebEditor是根据电脑浏览器的、眼见为实的线上HTML在线编辑器。它可以在网页页面上完成很多桌面上编辑软件(如:Word)所具备的强劲可视性编写作用。 &...
详解webshell提权服务器的21种方法 1.radmin连接法 条件是你权限够大,对方连防火墙也没有。封装个radmin上去,运行,开对方端口,然后radmin上去...
与好友在网络上相互传输资料时,有时先要知道对方计算机的IP地址,才能与对方建立信息传输通道。 那么对方的IP地址该如何搜查得到呢?这样的问题你也许会嗤之以鼻,的确,查询对方计算机的IP地址,实在简单...