Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- # ./bfuzz.sh (basic bash fuzzer)
- # Israel Torres hakin9@israeltorres.org
- # Mon May 30 15:54:33 PDT 2011
- # "from-fuzz-to-sploit"
- # demo to:
- # 1. fuzz a executable file using a pattern, sequence, interaction type
- # executable pattern max_sequence type_of_interaction stop_on_err_#_of_x
- #
- # use in bash prompt:
- # ./bfuzz.sh 'executable' 'pattern' 'maxseq' 'i|n' 'error#oftimes'
- #
- if [ ! $# -lt 5 ]; then
- testapp=$1
- tempvar=$2
- testmax=$3
- testype=$4
- testerr=$5
- testvar=$tempvar
- for ((i=1;i<=testmax;i++)); do
- if [ $testype == "i" ]; then
- rslt=$(echo $testvar | $testapp); lastrtn=$?
- fi
- if [ $testype == "n" ]; then
- rslt=$($testapp $testvar); lastrtn=$?
- fi
- echo -e "seq:\t$i\texec:$testapp\tlastrtn:$lastrtn"
- if [ $lastrtn -ne 0 ] ; then
- pwn=$(echo -n $testvar | xxd -p)
- echo -e "pwn:\t0x$pwn"
- echo -e "pwn:\t$testvar"
- errcnt=$((errcnt+1))
- if [ $testerr == $errcnt ]; then
- break;
- fi
- fi
- testvar="${testvar}$tempvar"
- done
- else
- echo "usage: $0 'executable' 'pattern' 'maxseq' 'i|n' '#'"
- echo "example: $0 ./demo-vuln-64 A 50 i 5"
- fi
- #EOF
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement