Fuzzing and Exploit Development under the Win32 Platform

Thanks to His0k4 (his0k4.hlm [] gmail.com) for submitting this video to us.

Here is the description of the video by him: "This video shows the steps needed for a software penetration testing. The target was an tftp server. So the first thing we do is to know how the data is transferred from/to client/server and find wich field can be fuzzed. In this case we'll fuzz the source/destination file and the type of the transfer and soon we'll realize that the bug exists in the read request with an overly long filename... The vulnerable program : "ProSysInfo TFTP Server TFTPDWIN" Sorry the text in the video is in Arabic."

This is a recommended watch for those who want to learn how to use fuzzing to find exploits in software, and then figure out what exactly went wrong, and if the condition is exploitable or not. The thing to remember while doing fuzzing tests, is to always run the victim software in a debugger, so that one can observe what is going wrong.

We hate these ADs as much as you do! Help us stay FREE and CLEAN by making a Generous Donation!

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net