Thursday, 29 December 2011

HTTP Fuzzing - Perl

Here is a basic HTTP protocol fuzzing script, which will turn up some awesome crashes/bugs in HTTP servers.

This script is a basic version, but a reliable one. The contents of overflow.txt are up to the user.

Code Snippet

#!/usr/bin/perl
# HTTP Protocol Fuzzing (Basic)
# Find most of the bugs in Modems, Routers, minihttp servers, etc....
#
# Usage: perl httpfuzz.pl <IP> <Port>
# Example: root@n41k#perl httpfuzz.pl 192.168.1.1 80
#          root@n41k#perl httpfuzz.pl 172.16.1.1 8080
#
# Author : Srinivas Naik (0xN41K)
#
use strict;
use warnings;
use IO::Socket;

my $target = $ARGV[0];
my $port   = $ARGV[1];
die "Usage: perl httpfuzz.pl <IP> <Port>\n" unless defined $target && defined $port;

print "\n\nHTTP Protocol Fuzzing..\n";

# http_methods.txt contains HTTP methods like GET, OPTIONS, etc., one per line
open(my $http2, "<", "http_methods.txt") or die "\nCan't open http_methods.txt: $!\n";
my @http_method = <$http2>;
close($http2);

# overflow.txt is the collection of incremental A's (see B0F.pl below)
open(my $http1, "<", "overflow.txt") or die "\nCan't open overflow.txt: $!\n";
my @http = <$http1>;
close($http1);

foreach my $method (@http_method) {
        chomp($method);
        foreach my $line (@http) {
                chomp($line);
                # An HTTP/1.0 server closes the connection after every response,
                # so each request gets a fresh socket instead of reusing one
                my $sock = IO::Socket::INET->new(
                        Proto    => "tcp",
                        PeerPort => $port,
                        PeerAddr => $target
                ) or die "\nCan't connect to $target:$port..\n";
                my $request = "$method $line/main.html HTTP/1.0\r\n\r\n";
                print $request . "\n";
                print $sock $request; # Send the HTTP DATA to the Network
                close($sock);
                sleep 2;
        }
}
print "Done...\n";
     
The above fuzzer needs two input files:
1. http_methods.txt, containing GET, PUT, HEAD, OPTIONS etc., each on a NEW LINE
2. overflow.txt, containing incremental A's; it can be generated with B0F.pl

#!/usr/bin/perl
# Usage: root@n41k#perl B0F.pl 10000
use strict;
use warnings;

my $len = $ARGV[0];
die "Usage: perl B0F.pl <max length>\n" unless defined $len && $len =~ /^\d+$/;
my $PoC = "A";

# Open with ">" (truncate): ">>" would append a second copy on every run
open(my $file, ">", "overflow.txt") or die "\n [-] OVERFLOW Not Created !! $!\n";
for (my $i = 1; $i <= $len; $i++) {
      print $file $PoC x $i; # one line of $i A's
      print $file "\n";
}
close($file) or die "\n [-] OVERFLOW Not Created !! $!\n";
print "\n [+] File successfully created!\n";
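As an added defender-side example (my code, not part of the original post), here is a Python checker that flags request lines shaped like the ones the fuzzer above sends: an unknown method, an oversized request-target, a long run of one repeated byte, or a request line that does not parse at all. The method set and both thresholds are assumptions to tune for the server being watched.

```python
import re

# Methods a general-purpose HTTP server is normally expected to accept.
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT", "PATCH"}
# Thresholds are assumptions for this example; tune them to the server being protected.
MAX_TARGET_LEN = 1024  # longer request-targets are suspicious on an embedded admin page
REPEAT_RUN = 256       # a run of one repeated byte this long is a length probe, not a real URL
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/(\d)\.(\d)$")

def longest_run(s: str) -> int:
    # Length of the longest run of one repeated character in s
    best, cur, prev = 0, 0, None
    for ch in s:
        cur = cur + 1 if ch == prev else 1
        prev = ch
        best = max(best, cur)
    return best

def classify_request_line(line: str) -> list:
    """Return the anomaly tags for one HTTP request line (empty list if clean)."""
    m = REQUEST_LINE.match(line.rstrip("\r\n"))
    if not m:
        return ["malformed-request-line"]
    method, target = m.group(1), m.group(2)
    tags = []
    if method not in KNOWN_METHODS:
        tags.append("unknown-method")
    if len(target) > MAX_TARGET_LEN:
        tags.append("oversized-target")
    if longest_run(target) >= REPEAT_RUN:
        tags.append("repeated-byte-run")
    return tags

def scan_request_lines(lines) -> list:
    """Return (index, tags) for every line that raised at least one tag."""
    hits = []
    for i, line in enumerate(lines):
        tags = classify_request_line(line)
        if tags:
            hits.append((i, tags))
    return hits

# Constructed sample: one normal request, then the shapes httpfuzz.pl above emits.
SAMPLE_LINES = [
    "GET /index.html HTTP/1.1",
    "OPTIONS " + "A" * 300 + "/main.html HTTP/1.0",
    "GET " + "A" * 5000 + "/main.html HTTP/1.0",
    "FOOBAR /main.html HTTP/1.0",
    "GET /main.html",  # no HTTP version at all
]
```

Feed it the request lines from a web server's access log or an IDS alert export; every hit from scan_request_lines() is a line an embedded HTTP server should never have seen from a legitimate client.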

Monday, 12 December 2011

My Best Experiences with NMAP

 Command 1: nmap -sS -A -O -sS -sU <Target IP>
       Sample output sections:
               PORT STATE SERVICE VERSION
               21/tcp open ftp vsftpd 2.0.4
               |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
               Aggressive OS guesses
               Network Distance
               Host script results
               Traceroute
       ** The above command takes a little more time :)

 Command 2: nmap -sS <Target IP> -p21,23,80,139,445 --reason
       --reason --> shows why nmap decided on each port state

 Command 3: nmap -p445 --script=smb-os-discovery <Target IP>

 Command 4: nmap --osscan-limit -n -vvv -PN --scan-delay 1s -A

Will discuss more in coming posts....

Thursday, 8 December 2011

Webinar: Advanced Persistent Defence

By: Marcus Carey, RAPID7
Time: 00:30 AM - 01:30 AM, Thu 08 Dec 2011

In the webinar he focused specifically on the overall attack picture and on how APTs spread.

I am summarising the points in this post:

1. Most Attacks require Human Interaction
- Clicking BAD links / files
- USB media
Of the above, 29.80% are technical attacks;
70.80% are done by social engineering, i.e. attacking the mind of the user.

A special note was made that mass malware packs are publicly available, and 99%+ of attacks don't involve a 0day.

2. Perimeter Exploit Exposure
- MS11-083
Attackers could send UDP data through closed ports
- Network Egress Points
No TCP/UDP filtering
Maintaining Firewall Rules
Legacy rules in place

3. Web Application Long Tail
- Problem
Many 2011 breaches used SQL Injection

- Mitigation
Intense Code Review when Changes are made
Regular assessment of deployed code

4. Social Engineering
- People open malicious links/executables
- Can lead to complete compromise of system
- Phishing is the leading cause of compromise (70.8%)

Dead Evil Captures - Xploits PCAP

I have put all the exploits in it; it also contains the latest attacks.

Created it for testing IDPS / intrusion detection systems.

http://groups.google.com/group/nforceit/browse_thread/thread/5ca43f14cf0ffd4a

Just download the PCAP from the link.

File: exploit_attack.pcap