Fuzzing in Backtrack 5 R1 - Part 3

Uploaded by on Oct 7, 2011

Fuzzing is the process of sending deliberately malformed data to a program in order to generate failures or errors in the application. When performed by those in the software exploitation community, fuzzing usually focuses on the discovery of bugs that can be exploited to allow an attacker to run their own code. Along with binary and source code analysis, fuzzing is one of the primary ways in which exploitable software bugs are discovered.

There are a number of popular and free software-based fuzzers available, but in this article we will focus on one of the first fuzzers to become popular within the Information Security community -- SPIKE.

In this part I have used Perl to exploit the victim, and used Metasploit to investigate the cause of the crash, using the offset finder and other cool tools.

Test done on Backtrack 5 R1 and Windows XP SP3.

Music-
Cradle of Filth - Nymphétamine

Video by ChriAdlr.. enjoy

Uploader Comments (pratiksrc)

  • Spike can also be used on other servers like FTP or mail? In this video at 4:54 u type ./pattern_offset.rb 0x386f4337 5000. The value "0x386f4337" is from where?

  • @ClapikaKuruta u can use a software called OllyDbg... to find the eip.... :)

  • in regards of finding the $eip from immunity debugger is that right?

    because i have seen many videos and just want to make sure

    Thanks for the video anyways

  • @mezozam oh wait.. for $eip I used Metasploit in the victim's computer.. I used msfpescan... u can use OllyDbg to overwrite eip files..

All Comments (11)

  • @pratiksrc ok thx, by the way .spk file is what language? Have any tutorial on it? I want to try own my ftp server that have login.

  • @sagetajr Set it up to work

  • how did you get your internet to work in bt5 while using virtual machine?

  • really pro dude, i love your vids
