Re: [Spike] DNS Fuzzing
From: Alexander Ehlert (ehlert syss.de)
Date: Wed Mar 16 2005 - 14:24:23 CST
Alexander Ehlert wrote:
So just answering myself, I updated it a bit:
s_binary_block_size_intel_halfword_variable("request");
s_block_start("request");
s_binary("affe01000001000000000000"); /* transaction id, flags, question
count, answer rr, authority rr, additional rr */
s_binary_block_size_byte_variable("host");
s_block_start("host");
s_string_variable("www");
s_block_end("host");
s_binary_block_size_byte_variable("domain");
s_block_start("domain");
s_string_variable("foo");
s_block_end("domain");
s_binary_block_size_byte_variable("toplevel");
s_block_start("toplevel");
s_string_variable("de");
s_block_end("toplevel");
s_binary("00 0001 0001"); /* null terminate the string and query type a,
class inet*/
s_block_end("request");
Ok, it's just when I start to fuzz nothing is inserted for the
halfword_variable. Then values are increased. But why does spike not
insert the real length of the block when the next variable is fuzzed?
Cheers, Alex
> Hi, I'm trying to fuzz a DNS Server.
> To do this I just used the source of generic_tcp_send and replaced the
> s_parse command by the following:
>
> s_binary_block_size_intel_halfword_variable("request");
> s_block_start("request");
> s_binary("affe01000001000000000000"); /* transaction id, flags, question
> count, answer rr, authority rr, additional rr */
> s_string_variable("foobar");
> s_binary("00 0001 0001"); /* null terminate the string and query type a,
> class inet*/
> s_block_end("request");
>
> But for some reason the halfword in the beginning is not inserted, the
> packet starts with 0xaffe, what am I doing wrong?
>
> Cheers, Alex
--
Alexander Ehlert, IT Security Consultant, SySS GmbH
Friedrich-Dannenmann-Str.2, D-72070 Tübingen
www : http://www.syss.de
e-mail: ehlert syss.de
Tel. : +49 7071 407856-17
Fax. : +49 7071 407856-19
Mob. : +49 172 7288940
GPG Fingerprint: D9B4 8449 7259 40F2 9F07 6FEA 172A 15F7 FE8E 51D7
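
Added example, not part of the original message or of SPIKE: a reference encoder and checker for the frame the script above models, useful for confirming that the un-fuzzed baseline is a valid query before comparing fuzzed output against it. RFC 1035 frames DNS over TCP with a two-byte length prefix in network byte order; the function names dns_tcp_query and dns_tcp_frame_ok are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Build an A/IN query for `name`, framed for DNS over TCP.
 * Returns bytes written, or 0 on a bad label or short buffer. */
size_t dns_tcp_query(const char *name, uint16_t txid, uint8_t *out, size_t cap)
{
    /* flags 0x0100 (RD), QDCOUNT 1, ANCOUNT 0, NSCOUNT 0, ARCOUNT 0 */
    static const uint8_t rest[10] = {0x01, 0x00, 0x00, 0x01, 0, 0, 0, 0, 0, 0};
    size_t n = 2;                              /* skip the length prefix for now */

    if (cap < 14) return 0;
    out[n++] = (uint8_t)(txid >> 8);
    out[n++] = (uint8_t)(txid & 0xff);
    memcpy(out + n, rest, sizeof rest);
    n += sizeof rest;
    while (*name) {
        size_t len = strcspn(name, ".");
        if (len == 0 || len > 63 || n + 1 + len > cap) return 0;
        out[n++] = (uint8_t)len;               /* one length byte per label */
        memcpy(out + n, name, len);
        n += len;
        name += len;
        if (*name == '.') name++;
    }
    if (n + 5 > cap) return 0;
    out[n++] = 0;                              /* root label ends the name */
    out[n++] = 0; out[n++] = 1;                /* QTYPE  A  */
    out[n++] = 0; out[n++] = 1;                /* QCLASS IN */
    out[0] = (uint8_t)((n - 2) >> 8);          /* prefix excludes itself, */
    out[1] = (uint8_t)((n - 2) & 0xff);        /* high byte first */
    return n;
}

/* Return 1 if buf is one well-formed single-question query frame. */
int dns_tcp_frame_ok(const uint8_t *buf, size_t n)
{
    size_t i = 14;                             /* 2 prefix + 12 header */
    if (n < 19 || (((size_t)buf[0] << 8) | buf[1]) != n - 2) return 0;
    while (i < n && buf[i] != 0) {
        if (buf[i] > 63) return 0;             /* compression or bad length */
        i += 1u + buf[i];
    }
    return i < n && n - i == 5;                /* root byte + QTYPE + QCLASS */
}
```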