Spiking
Spiking sends random characters to attempt to overflow the buffer and break the program.
Used vulnserver on a Win10 VM and Kali Linux to practice this.
Available Commands
Using generic_send_tcp to attempt to spike
Syntax - ./generic_send_tcp TARGET_IP PORT SPIKE_SCRIPT SKIPVAR SKIPSTR
The SPIKE_SCRIPT can be something like this
Trying this against vulnserver STATS - this was not vulnerable
Trying the same against vulnserver TRUN command
This turned out to be vulnerable - Immunity Debugger shows an Access violation when executing message
This caused vulnserver to crash
The overflow overwrote the EBP and spilled into the EIP
Once we control the EIP, we can inject malicious code.
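The crash described above comes from an unbounded copy into a fixed-size stack buffer. The following is an added example, not code from vulnserver or from the original notes: a hypothetical command handler in its unsafe form beside a hardened form that rejects oversized arguments. The function names and the 64-byte `ARG_BUF` size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ARG_BUF 64  /* assumed size of the handler's stack buffer */

/* Unsafe pattern (hypothetical handler): strcpy() copies until the NUL byte,
 * regardless of ARG_BUF. A longer argument runs past buf into the saved EBP
 * and the return address, which is the access violation the debugger shows. */
int handle_unsafe(const char *line) {
    char buf[ARG_BUF];
    if (strncmp(line, "TRUN ", 5) != 0) return -1;
    strcpy(buf, line + 5);                 /* no bound on the copy */
    return (int)strlen(buf);
}

/* Hardened pattern: measure first, reject what does not fit, then copy. */
int handle_safe(const char *line, size_t line_len) {
    char buf[ARG_BUF];
    if (line_len < 5 || memcmp(line, "TRUN ", 5) != 0) return -1;
    const char *arg = line + 5;
    const char *nul = memchr(arg, '\0', line_len - 5);
    size_t arg_len = nul ? (size_t)(nul - arg) : line_len - 5;
    if (arg_len >= sizeof buf) return -2;  /* oversized: refuse, do not truncate */
    memcpy(buf, arg, arg_len);
    buf[arg_len] = '\0';
    return (int)arg_len;
}

/* Constructed input of the kind a spike run sends: the command followed by
 * n filler bytes. Only the hardened handler is exercised with it. */
int probe(size_t n) {
    char line[4096];
    if (n + 6 > sizeof line) return -3;
    memcpy(line, "TRUN ", 5);
    memset(line + 5, 'A', n);
    line[5 + n] = '\0';
    return handle_safe(line, 5 + n);
}

int main(void) {
    printf("10 bytes   -> %d\n", probe(10));    /* accepted */
    printf("3000 bytes -> %d\n", probe(3000));  /* rejected with -2 */
    return 0;
}
```

Rejecting the oversized argument, rather than silently truncating it, also gives the server a clean event to log when a spike run hits it.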