22 lines
No EOL
1.1 KiB
Text
22 lines
No EOL
1.1 KiB
Text
Exploit Title :Filefuzzer Denial of service vulnerability
|
|
Software : Filefuzzer
|
|
Software link :http://labs.idefense.com/software/fuzzing.php
|
|
Autor : Sweet
|
|
Email : charif38@hotmail.fr
|
|
Date : 5/11/2010
|
|
Tested on : WinXp sp3 eng | Vmware
|
|
Software detail: FileFuzz is a graphical Windows based devlopped by file format fuzzing tool . Devlopped by "IDefense Labs",
|
|
FileFuzz was designed to automate the launching of applications and detection of
|
|
exceptions caused by fuzzed file formats. compiled under Microsoft .NET 2.0
|
|
Thx to : Inj3ct0r.com , shell-storm.org , exploit-db.com and 123 viva l'Algerie
|
|
POC
|
|
Setup the application to fuzz any kind of application you want , i just left everything by default
|
|
|
|
in Create menu
|
|
File Type : "bkf - ntbackup.exe"
|
|
Source file : "C:\Program Files\FileFuzz\Attack\test.bkf"
|
|
Target Directory : "c:\fuzz\bkf\" #Create the directory if it's dosent existe
|
|
|
|
in Execute menu
|
|
Application : "C:\WINDOWS\system32\ntbackup.exe"
|
|
Arguments : by default its "{0}" change it to "{A}" and presse execute wish will cause the application to crash |