fuzzer

HITB2014AMS – Day 1 – Harder, Better, Faster Fuzzer: Advances in BlackBox Evolutionary Fuzzing

Published May 29, 2014 | By Peter Van Eeckhoutte (corelanc0d3r)

Vulnerability Hunting Active security testing, Fabien explains, is the process of generating input which travel in the application, hit a sink and violate a property.  It applies to all kinds of vulnerabilities, not just limited to buffer overflows or memory corruption bugs.   Blackbox and whitebox/greybox testing (both static and dynamic) are ways to perform […]

Posted in Cons and Seminars | Tagged , , , , , , , , , , , , , , , , , , ,

Metasploit module : HTTP Form field fuzzer

Published November 12, 2010 | By Peter Van Eeckhoutte (corelanc0d3r)

Introduction About a month after releasing an ftp client fuzzer module for Metasploit, I decided to release yet another fuzzer module I have been working on over the last few weeks. This new module can be used to audit web servers/web server plugins/components/filters, by fuzzing form fields and optionally fuzz some header fields. While this […]

Posted in 001_Security, Exploits, Web Application Security | Tagged , , , , , , , , , , , , , , , , , , , , , , , ,

Death of an ftp client / Birth of Metasploit modules

Published October 12, 2010 | By Peter Van Eeckhoutte (corelanc0d3r)

Over the past few weeks, Corelan Team has given its undivided attention to fuzzing ftp client applications.

Using a custom built ftp client fuzzer, now part of the Metasploit framework, the team has audited several ftp clients and applications that use an embedded client ftp component. One example of such an application is a tool that would synchronize / backup data from a computer to a remote ftp server.

The 3 main audit/attack vectors that were used during the “project” were

send back overly long responses to ftp commands / requests sent by the ftp client to the server
send back a file/directory listing that contains overly long file/folder names
try to download a file that has an overly long filename.
Continue reading

Posted in 001_Security, Exploits | Tagged , , , , , , , , , , , , , , , , , , ,

Fuzzing with Metasploit : Simple FTP fuzzer

Published October 19, 2009 | By Peter Van Eeckhoutte (corelanc0d3r)

Just wanted to drop a quick note about the release of another free script. This time I’ve written a simple FTP fuzzer (with a little help from HDMoore) in Metasploit. You can read more about it (and download the script) at http://www.corelan.be:8800/index.php/my-free-tools/security/metasploit/simple-ftp-fuzzer-metasploit-module/ This is why I like Metasploit so much… :-) Update : after running […]

Posted in 001_Security, Exploits, My Free Tools, Scripts | Tagged , , , , , , , , , , , , , , , , , , ,

Corelan Training

We have been teaching our win32 exploit dev classes at various security cons and private companies & organizations since 2011

Check out our schedules page here and sign up for one of our classes now!

Donate

Want to support the Corelan Team community ? Click here to go to our donations page.

Want to donate BTC to Corelan Team?



Your donation will help funding server hosting.

Corelan Team Merchandise

You can support Corelan Team by donating or purchasing items from the official Corelan Team merchandising store.

Protected by Copyscape Web Plagiarism Tool

Corelan on Slack

You can chat with us and our friends on our Slack workspace:

  • Go to our facebook page
  • Browse through the posts and find the invite to Slack
  • Use the invite to access our Slack workspace

    • Categories

    Mastodon: @corelanc0d3r | @corelan


    Copyright Peter Van Eeckhoutte © 2007 - 2024 | All Rights Reserved | Terms of use