Spiking

  • Spiking sends random characters to attempt to overflow the buffer and break the program

  • Used vulnserver on a Win10 VM and Kali Linux to practice this

  • Available Commands
  • Using generic_send_tcp to attempt to spike

    • Syntax - ./generic_send_tcp TARGET_IP PORT SPIKE_SCRIPT SKIPVAR SKIPSTR

  • The SPIKE_SCRIPT can be something like this

      s_readline();
      s_string("STATS ");
      s_string_variable("0");
  • Trying this against the vulnserver STATS command - this was not vulnerable

Spiking STATS in action (screenshot)
  • Trying the same against vulnserver TRUN command

    • This turned out to be vulnerable - Immunity Debugger shows an Access violation when the message is executed

    • This caused vulnserver to crash

Immunity Debugger (screenshot)
  • The overflow overwrote the saved EBP and spilled into the EIP

    • Once we control the EIP we can inject malicious code.
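Why an oversized argument reaches EBP and EIP, as an added illustration (not vulnserver's source code and not from these notes): a command handler copies its argument into a fixed-size stack buffer without a length check, so anything past the buffer overwrites the saved frame pointer and return address. The bounded handler next to it checks the length first and refuses input that does not fit. The buffer size, the function names and the `TRUN ` line format are assumptions for this example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed-size stack buffer used by the command handler.
 * The size is an assumption for this example, not vulnserver's real value. */
#define ARG_BUF 64

/* The bug class the notes describe (illustration only, not vulnserver's code):
 * the argument is copied into a fixed-size stack buffer with no length check.
 * An argument of ARG_BUF bytes or more overwrites what sits above buf on the
 * stack: the saved EBP first, then the saved return address (EIP).
 * Calling this with such input is undefined behaviour; the test only uses it
 * with a short string. */
static size_t handle_trun_unchecked(const char *arg)
{
    char buf[ARG_BUF];
    strcpy(buf, arg);                 /* no bound on the copy */
    return strlen(buf);
}

/* Hardened handler: the length is compared against the buffer before any
 * byte is copied, and an oversized argument is rejected instead of written. */
static int handle_trun_bounded(const char *arg, size_t arg_len)
{
    char buf[ARG_BUF];
    if (arg_len >= sizeof buf)
        return -1;                    /* does not fit (room for '\0' is needed) */
    memcpy(buf, arg, arg_len);
    buf[arg_len] = '\0';
    return (int)arg_len;              /* number of bytes accepted */
}

/* Dispatch one received line of the assumed form "TRUN <arg>\r\n" to the
 * bounded handler. Returns -2 for an unknown command, -1 for an oversized
 * argument, otherwise the accepted argument length. */
int process_line(const char *line, size_t line_len)
{
    static const char prefix[] = "TRUN ";
    size_t plen = sizeof prefix - 1;
    if (line_len < plen || memcmp(line, prefix, plen) != 0)
        return -2;
    const char *arg = line + plen;
    size_t arg_len = line_len - plen;
    while (arg_len > 0 && (arg[arg_len - 1] == '\r' || arg[arg_len - 1] == '\n'))
        arg_len--;                    /* strip the trailing line terminator */
    return handle_trun_bounded(arg, arg_len);
}

/* Constructed input: "TRUN " followed by n bytes of 'A', the same shape of
 * growing string the spike script produces, run through the bounded path. */
int probe_trun(size_t n)
{
    char *line = malloc(5 + n);
    if (line == NULL)
        return -3;
    memcpy(line, "TRUN ", 5);
    memset(line + 5, 'A', n);
    int r = process_line(line, 5 + n);
    free(line);
    return r;
}
```

With the bounded handler a 5000-byte argument is refused with -1 and the server keeps running, whereas the unchecked handler would have written the same bytes over the saved EBP and EIP, which is the access violation Immunity Debugger showed.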
