10 jun 2012

backfuzz v0.3 released

Hey guys, just announcing that v0.3 came out, new changes are:

(*) Added the ability to use different types of patterns while fuzzing (Cyclic | CyclicExtended | Single | Format-String).
(*) Removed a lot of unnecessary parameters and use global variables instead.
(*) Minor help screen improvements.
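
To illustrate what the pattern types are for, here is an added example (my own code for this post, not backfuzz's own implementation): it builds the classic three-position cyclic pattern that fuzzers send, and maps a value recorded in a crash dump back to its offset in that pattern for triage. The exact sequences backfuzz calls "Cyclic" and "CyclicExtended", and its Single and Format-String definitions, are not described above, so the alphabets and the `%x` format pattern below are assumptions.

```python
import string

# Alphabets for the classic three-position cyclic pattern (Aa0Aa1Aa2...),
# the same construction Metasploit's pattern_create uses. Which exact
# sequences backfuzz calls "Cyclic" and "CyclicExtended" is not documented
# on this page: the extended variant here (an assumption) widens the third
# alphabet with punctuation so the pattern runs longer before repeating.
UPPER, LOWER = string.ascii_uppercase, string.ascii_lowercase
DIGITS = string.digits
DIGITS_EXT = string.digits + "!@#$%^&*"


def cyclic_pattern(length, third=DIGITS):
    """Pattern of `length` bytes in which every 3-byte-aligned triplet is
    unique for one full period (26*26*len(third) triplets)."""
    period = "".join(u + l + t for u in UPPER for l in LOWER for t in third)
    reps = length // len(period) + 1
    return (period * reps)[:length]


def make_pattern(kind, length):
    """Build one of the four pattern types named in the release notes.
    The Single and Format-String definitions are assumptions too."""
    if kind == "Cyclic":
        return cyclic_pattern(length)
    if kind == "CyclicExtended":
        return cyclic_pattern(length, DIGITS_EXT)
    if kind == "Single":
        return "A" * length
    if kind == "Format-String":
        return ("%x" * (length // 2 + 1))[:length]
    raise ValueError("unknown pattern type: %s" % kind)


def pattern_offset(value, third=DIGITS):
    """Crash triage: map a value recorded in a crash dump (a 32-bit
    register as an int, read little-endian, or the raw 4-char text)
    back to its byte offset in the pattern. Returns -1 if absent."""
    if isinstance(value, int):
        needle = value.to_bytes(4, "little").decode("ascii", "replace")
    else:
        needle = value
    period = cyclic_pattern(26 * 26 * len(third) * 3, third)
    # extend by the needle length so a match across the wrap is found
    return (period + period[:len(needle)]).find(needle)


if __name__ == "__main__":
    print(make_pattern("Cyclic", 24))    # Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7
    print(pattern_offset(0x41306241))    # 30: "Ab0A" sits at offset 30
```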

Help Screen:



Example with CyclicExtended:



Download:

https://github.com/localh0t/backfuzz

30 mar 2012

Bypassing tolower() filters in buffer overflows


This whitepaper goes into detail on how to bypass tolower() filters in buffer overflows. It uses a stack-based buffer overflow as an example, but the technique can be applied to heap overflows as well.
Hope you guys enjoy it :).

23 mar 2012

Website Pro <= 3.1.13.0 "Referer:" Remote Buffer Overflow PoC



The crash occurs when the application tries to write ECX (0x00000000) to the address held in EAX (0xBAADBEEF), which we control.
Possibly exploitable, not tested yet.
SHODAN Dork: "Server: Website/3.1"
 
Link: http://www.1337day.com/exploits/17806

12 mar 2012

backfuzz - protocol fuzzing toolkit

Well, after a while I am releasing this simple fuzzer.
You can use it to fuzz different protocols (FTP, HTTP, IMAP, etc.), but it also has non-protocol plugins (for example, a file fuzzer).
The general idea is that the script has several functions already predefined in the file "functions.py", so whoever wants to write their own plugin (for another protocol) in a few lines and add it to the script can do so.
I know the code is still in beta and requires a lot of work to get better, so any questions, suggestions, criticism or comments are welcome.

Screenshots:

    Help Menu:



    Crash reached (FTP):


    Crash reached (HTTP):


    File Fuzzing:


    File Fuzzing (Files):


GitHub page:

Installation:

git clone https://github.com/localh0t/backfuzz
 
Happy fuzzing,
Matías.