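OK, so I'm running vulnserver.exe on my Win7 machine, waiting for input on port 9999. It takes certain commands with arguments, one of which is TRUN, which is designed to trigger a buffer overflow if the TRUN argument is the right length:
This is the Python I'm running on Kali Linux to try to connect to vulnserver and see whether it causes a crash: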

    import socket
    numAs = 10
    try:
        while True:
            # open a connection to vulnserver
            s = socket.socket (socket.AF_INET, socket.SOCK_STREAM)
            s.connect (("194.168.1.154", 9999))
            # receive the banner for vulnserver
            s.recv (1024)
            print "[*] Sending " + str(numAs) + " As"
            # send the number of As to fuzz the HTER command
            s.send ("HTER " + "A" * numAs + " \r\n")
            # receive the response from vulnserver
            s.recv (1024)
            # close the connection
            s.close ()
            # increase the number of As we send next time
            numAs += 10
    except:
        # if we get to here then something happened to vulnserver because the
        # connection is closed
        print "Socket closed after sending " + str(numAs - 10) + " As"

But this is the command-line output I get:
./hterfuzz.py: line 2: numAs: command not found
./hterfuzz.py: line 3: try:: command not found
./hterfuzz.py: line 6: syntax error near unexpected token `('
./hterfuzz.py: line 6: `s = socket.socket (socket.AF_INET,socket.SOCK_STREAM)'
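I'm very new to Python and don't understand some of the basic errors, so any help would be greatly appreciated. Thanks very much!
The vulnserver.exe program is also available here: http://sites.google.com/site/lupingreycorner/vulnserver.zip
A tutorial on fuzzing with vulnserver is here: https://samsclass.info/127/proj/vuln-server.htm
If there is any other information I can provide, just ask. I'm only trying to fix the errors in the py script so that I can try to work out what is needed to cause the overflow, and eventually modify it to create a useful input string that executes a process on the Win7 machine by sending the string to vulnserver.
Thanks to anyone who helps :)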
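
The error lines in the post have the form the shell prints (`line N: ...: command not found`), which is what appears when a Python file with no interpreter line is executed directly as `./hterfuzz.py`. As an added example, not the poster's script: a Python 3 version of the same loop with an interpreter line, a socket timeout and an upper bound on the length, run against a constructed loopback stub. The names `fuzz` and `stub_server` and their parameters are assumptions of this example.

```python
#!/usr/bin/env python3
# Added example (not the poster's script). The line above selects the Python
# interpreter when the file is executed directly as ./name.py.
import socket
import threading

def fuzz(host, port, command=b"HTER", step=10, max_len=500, timeout=2.0):
    """Send `command` with a growing run of 'A's, one connection per attempt.
    Returns the first length that got no reply, or None if all were answered."""
    for n in range(step, max_len + 1, step):
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.recv(1024)  # banner
                s.sendall(command + b" " + b"A" * n + b"\r\n")
                if not s.recv(1024):  # peer closed without answering
                    return n
        except OSError:  # refused, reset or timed out
            return n
    return None

def stub_server(limit):
    """Constructed loopback stand-in for the lab service: replies until the
    argument is longer than `limit`, then drops the client and stops."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]

    def serve():
        alive = True
        while alive:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(b"banner\r\n")
                data = b""
                while not data.endswith(b"\n"):
                    chunk = conn.recv(4096)
                    if not chunk:
                        break
                    data += chunk
                alive = len(data.split(b" ", 1)[-1].strip()) <= limit
                if alive:
                    conn.sendall(b"OK\r\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    print("no reply at length", fuzz("127.0.0.1", stub_server(limit=45)))
```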