3. Spiking

It is the process of finding what commands crashes a particular program.

For instance take this vulnserver commands

We will take each command one at a time and try to see what command overflows the buffer if we send a bunch of characters at it.

generic_send_tcp

Spike Script

Name the file as file.spk
File Format
- s_readline(); s_string("STATS "); s_string_variable("0");
- Change "STATS" to the command that you want to test

If we run the generic_send_tcp command and to find the vulnerable command, if the immunity debugger pauses and crashes, it means that the command is vulnerable

You will see that ESP, EBP and EIP registers will be overwritten with As (4141...)

Previous2. Mona Setup Next4. Fuzzing

Last updated 1 year ago