# 3. Spiking

It is the process of finding what commands crashes a particular program.

For instance take this vulnserver commands 

<figure><img src="https://1920086362-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FDfv51K0WXLZdwTryHQZc%2Fuploads%2FRw4oyxZTHuuJ6sPtvoFs%2Fimage.png?alt=media&#x26;token=739169d2-8730-4c71-8b3d-54443dabd2cc" alt=""><figcaption></figcaption></figure>

We will take each command one at a time and try to see what command overflows the buffer if we send a bunch of characters at it.

***

### generic\_send\_tcp

<figure><img src="https://1920086362-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FDfv51K0WXLZdwTryHQZc%2Fuploads%2FLkYZ812Px4gBE6rjhtsw%2Fimage.png?alt=media&#x26;token=0001c350-bb00-4f7a-b016-971956e3fe50" alt=""><figcaption></figcaption></figure>

### Spike Script

1. Name the file as `file.spk`
2. File Format
   * ```bash
     s_readline();
     s_string("STATS ");
     s_string_variable("0");
     ```
   * Change "STATS" to the command that you want to test

***

If we run the `generic_send_tcp` command and to find the vulnerable command, if the immunity debugger pauses and crashes, it means that the command is vulnerable

You will see that ESP, EBP and EIP registers will be overwritten with `As (4141...)`