好吧所以我在我的win7盒子上运行了vulnserver.exe,等待端口9999上的输入。它接受某些命令,其中一个参数是TRUN,如果TRUN参数是正确长度则设计为触发缓冲区溢出:
这是在kali linux上运行的python我尝试连接到vulnserver并查看是否会导致崩溃:
import socket
numAs = 10
try:
while True:
# open a connection to vulnserver
s = socket.socket (socket.AF_INET, socket.SOCK_STREAM)
s.connect (("194.168.1.154", 9999))
# receive the banner for vulnserver
s.recv (1024)
print "[*] Sending " + str(numAs) + " As"
# send the number of As to fuzz the HTER command
s.send ("HTER " + "A" * numAs + " \r\n")
# receive the response from vulnserver
s.recv (1024)
# close the connection
s.close ()
# increase the number of As we send next time
numAs += 10
except:
# if we get to here then something happened to vulnserver because the
connection is closed
print "Socket closed after sending " + str(numAs - 10) + " As"
但是这里是命令行输出
./hterfuzz.py: line 2: numAs: command not found
./hterfuzz.py: line 3: try:: command not found
./hterfuzz.py: line 6: syntax error near unexpected token `('
./hterfuzz.py: line 6: `s = socket.socket (socket.AF_INET,socket.SOCK_STREAM)'
我是python的新手,并不了解一些基本错误,所以任何帮助将不胜感激。非常感谢!
这里也提供了vulnserver.exe程序: http://sites.google.com/site/lupingreycorner/vulnserver.zip
和使用vulnserver进行模糊测试的教程在这里: https://samsclass.info/127/proj/vuln-server.htm
如果有任何其他信息,我可以提供只是问,我只是试图修复py脚本中的错误,所以我可以玩它来尝试找出导致溢出所需的最新内容并最终修改它以创建一个有用的输入字符串,通过将字符串发送到vulnserver来执行win7框上的进程。
感谢您的帮助:)
答案 0 :(得分:0)
这很简单 - 你的脚本是由bash解释的,而不是python。
只需将其添加为代码的第一行:#!/ usr / bin / python