
Fuzzer Example

a guest
May 12th, 2010
  1. import sys,random,struct,socket,lib
  2. from random import *
  3. from lib import *
  4. from socket import *
  5.  
# The target host is the only CLI argument; without it there is nothing to
# connect to, so bail out before any socket is opened.
if len(sys.argv)<=1:   
 sys.exit('Give me an IP Dude')
  8.  
  9. host = sys.argv[1],445
  10.  
  11. print "Dummy Example"
  12.  
# SMB Negotiate Protocol Request template as a list of one-character strs
# (Python 2 str semantics; longueur() and run() join it back into one str).
# The hex shows the "\xffSMB" signature, command byte 0x72 and the dialect
# strings ("PC NETWORK PROGRAM 1.0" ... "NT LM 0.12").  The line layout of the
# literal is cosmetic: only the whitespace-separated tokens are parsed.
packetnego = list(map(lambda tok: chr(int(tok, 16)), """
ff 53 4d 42 72 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 d5 15 00 00 81 0b
00 77 00 02 50 43 20 4e 45 54 57 4f 52 4b 20 50
52 4f 47 52 41 4d 20 31 2e 30 00 02 4d 49 43 52
4f 53 4f 46 54 20 4e 45 54 57 4f 52 4b 53 20 33
2e 30 00 02 44 4f 53 20 4c 4d 31 2e 32 58 30 30
32 00 02 44 4f 53 20 4c 41 4e 4d 41 4e 32 2e 31
00 02 57 69 6e 64 6f 77 73 20 66 6f 72 20 57 6f
72 6b 67 72 6f 75 70 73 20 33 2e 31 61 00 02 4e
54 20 4c 4d 20 30 2e 31 32 00""".split()))
  24.  
# SMB Session Setup AndX Request template (command byte 0x73), again one
# one-character str per byte.  The template embeds fixed literals visible in
# the hex: an OS/LAN-manager pair ("Windows 7 Pro" / "WIN7") and a hard-coded
# UNC share path ("\\192.168.1.86\IPC$") that is not derived from argv.
packetsession1 = list(map(lambda tok: chr(int(tok, 16)), """
ff 53 4d 42 73 00 00 00 00 18 07 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 ff fe 00 00 04 00
0d 75 00 54 00 68 0b 02 00 00 00 04 06 03 80 01
00 01 00 00 00 00 00 d4 00 00 00 17 00 00 00 57
69 6e 64 6f 77 73 20 37 20 50 72 6f 00 57 49 4e
37 00 00 00 04 ff 00 91 00 08 00 18 00 32 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 5c 5c 31 39 32 2e 31 36 38
2e 31 2e 38 36 5c 49 50 43 24 00 3f 3f 3f 3f 3f
00""".split()))
  36.  
def longueur(payload):
    """Return the 4-byte big-endian length prefix for *payload*.

    *payload* may be a str or a list of one-character strs (the packet
    templates above are lists, handle()/run() pass joined strs); it is joined
    first so both forms are measured the same way.  struct ">i" yields a
    signed 32-bit big-endian value, i.e. a zero byte followed by a 24-bit
    length for any payload shorter than 16 MiB.
    """
    joined = ''.join(payload)
    return struct.pack(">i", len(joined))
  40.  
def handle(data):
    """Build the next packet to send in reply to one packet received in run().

    *data* is the raw str read from the socket.  Counting the 4-byte NetBIOS
    session header, offset 8 is the SMB command byte and offset 9 the first
    byte of the status field, so the check below matches a Negotiate (0x72)
    response whose status starts with a zero byte.  That is the only case
    handled: for any other input the function falls off the end and returns
    None, which makes the following s.send(None) in run() raise TypeError
    (swallowed there by the broad except, ending that session).
    """

    ##Session Setup AndX Request, tree ipc;
    if data[8:10] == "\x72\x00":
       print "Session Query fuzzed sended\n"
       # randfunc is brought in by `from lib import *` (lib is not shown here);
       # presumably it returns a mutated copy of the byte list -- confirm in lib.
       packet0 = ''.join(randfunc(packetsession1)) ### ---> randfunc used ...
       # Prepend the NetBIOS length header computed by longueur().
       buffer0 = longueur(packet0)+packet0          
       # str.encode("hex") is Python 2 only.
       print "complete packet %s\n\n" % (buffer0.encode("hex"))
       return buffer0
    ## no uid/tid/mid/etc care here, this is not a fuzzer release, just an example of using this lib...
    ## put here the Rest of tha RFC/Specs.  
  52.  
  53. ##starting prog  
def run():
    """Open one TCP session to *host*, send a mutated Negotiate request, then
    loop sending handle()'s reply to every packet received.

    Control flow, as written:
      * connect() happens before the try, so a refused or unreachable host
        raises out of run() and stops the module-level loop.
      * settimeout(0.1) applies to every recv()/send(); 100 ms of silence
        raises socket.timeout, which is the usual way the inner loop ends.
      * handle() returns None for anything but a Negotiate response, so the
        second send() raises TypeError on any other reply (or on an empty
        recv() after the peer closes).
      * `except Exception: pass` swallows all of the above, and s.close() is
        inside that handler, so the socket is closed only on the exception
        path; there is no finally.
      * The print statements and str.encode("hex") are Python 2 only.
    """
    # `socket` is the class brought in by `from socket import *`, not the module.
    s = socket(AF_INET, SOCK_STREAM)
    s.connect(host)  
    s.settimeout(0.1)
    # randfunc comes from the star-imported `lib` module (not shown); it is
    # expected to yield single-character strs that join into the packet body.
    packet0 = ''.join(randfunc(packetnego)) ### ---> randfunc used ...
    print "Nego fuzzing"
    # NetBIOS length header + SMB body (see longueur()).
    buffer0 = longueur(packet0)+packet0
    print "complete packet nego %s\n\n" % (buffer0.encode("hex"))
    s.send(buffer0)
    try:
      while True:
        data = s.recv(1024)
        s.send(handle(data))
    except Exception:
        pass
        s.close()
  70.  
# Reconnect forever: each run() returns only via its exception path (timeout
# or an unhandled reply), after which a fresh socket is opened.  A failing
# connect() propagates out of run() and terminates this loop.
while True:
   run()