Add new file

970d40e0 · 尹启迪 · e041b410 · 970d40e0
Commit 970d40e0 authored 4 years ago by 尹启迪
Show whitespace changes
Inline Side-by-side

Showing with 169 additions and 0 deletions

Fuzz_DSL.py Fuzz_DSL.py +169 -0

No files found.
--- a/Fuzz_DSL.py
+++ b/Fuzz_DSL.py
+from boofuzz import *
+from sys import exit
+def get_banner(target, my_logger, session, *args, **kwargs):
+    banner_template = "Welcome to Vulnerable Server! Enter HELP for help."
+    try:
+        banner = target.recv(10000)
+        # if(len(banner)<1):
+        # 	print "failed"
+        # 	exit(1)
+        # else:
+	       #  print "Received!!!!!!!!!!!!!!!"+banner
+    except:
+        print "Unable to connect. Target is down. Exiting."
+        exit(1)
+    if(len(banner)==0):
+    	print "failed"
+    	exit(1)
+    else:
+        print "Received!!!!!!!!!!!!!!!"+banner
+def main():
+	session = Session(target=Target(connection=TCPSocketConnection("192.168.1.1", 80)),)
+	s_initialize(name="First")
+	s_static("GET / HTTP/1.1")
+	s_static("\r\n")
+	s_static("Host: 192.168.1.1")
+	s_static("\r\n")
+	s_static("User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0")
+	s_static("\r\n")
+	s_static("Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8")
+	s_static("\r\n")
+	s_static("Accept-Language: en-US,en;q=0.5")
+	s_static("\r\n")
+	s_static("Accept-Encoding: gzip, deflate")
+	s_static("\r\n")
+	s_static("Connection: close")
+	s_static("\r\n")
+	s_static("Upgrade-Insecure-Requests: 1")
+	s_static("\r\n")
+	s_static("Cache-Control: max-age=0")
+	s_static("\r\n")
+	s_initialize(name="Login")
+	# with s_block("Post-Line"):
+	# s_static("GET /cgi-bin/Login.asp?User=admin&Pwd=admin&_=1598500049569 HTTP/1.1")
+	s_static("GET /cgi-bin/Login.asp HTTP/1.1")
+	s_static("\r\n")
+	s_static("Host: 192.168.1.1")
+	s_static("\r\n")
+	s_static("User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0")
+	s_static("\r\n")
+	s_static("Accept: */*")
+	s_static("\r\n")
+	s_static("Accept-Language: en-US,en;q=0.5")
+	s_static("\r\n")
+	s_static("Accept-Encoding: gzip, deflate")
+	s_static("\r\n")
+	s_static("X-Requested-With: XMLHttpRequest")
+	s_static("\r\n")
+	s_static("Connection: close")
+	s_static("\r\n")
+	s_static("Referer: http://192.168.1.1/cgi-bin/Login.asp")
+	s_static("\r\n")
+	s_static("Upgrade-Insecure-Requests: 1")
+	s_static("\r\n")
+	s_initialize(name="Get_key")
+	s_static("GET /cgi-bin/get/New_GUI/get_sessionKey.asp?_=1598531344762 HTTP/1.1")
+	s_static("\r\n")
+	s_static("Host: 192.168.1.1")
+	s_static("\r\n")
+	s_static("User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0")
+	s_static("\r\n")
+	s_static("Accept: */*")
+	s_static("\r\n")
+	s_static("Accept-Language: en-US,en;q=0.5")
+	s_static("\r\n")
+	s_static("Accept-Encoding: gzip, deflate")
+	s_static("\r\n")
+	s_static("X-Requested-With: XMLHttpRequest")
+	s_static("\r\n")
+	s_static("Connection: close")
+	s_static("\r\n")
+	s_static("Referer: http://192.168.1.1/cgi-bin/New_GUI/Diagnostics.asp")
+	s_static("\r\n")
+	s_initialize(name="Post")
+	# with s_block("Post-Line"):
+	s_static("POST /cgi-bin/New_GUI/Set/Diagnostics.asp HTTP/1.1")
+	s_static("\r\n")
+	s_static("Host: 192.168.1.1")
+	s_static("\r\n")
+	s_static("User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0")
+	s_static("\r\n")
+	s_static("Accept: */*")
+	s_static("\r\n")
+	s_static("Accept-Language: en-US,en;q=0.5")
+	s_static("\r\n")
+	s_static("Accept-Encoding: gzip, deflate")
+	s_static("\r\n")
+	s_static("Content-Type: application/x-www-form-urlencoded; charset=UTF-8")
+	s_static("\r\n")
+	s_static("X-Requested-With: XMLHttpRequest")
+	s_static("\r\n")
+	s_static("Content-Length: 45")
+	s_static("\r\n")
+	s_static("Origin: http://192.168.1.1")
+	s_static("\r\n")
+	s_static("Connection: close")
+	s_static("\r\n")
+	s_static("Referer: http://192.168.1.1/cgi-bin/New_GUI/Diagnostics.asp")
+	s_static("\r\n")
+	s_static("")
+	s_static("\r\n")
+	s_static("Type=p&sessionKey=424238335&Addr=")
+	s_string("XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", max_len=1024)
+	session.connect(s_get("First"))
+	session.connect(s_get("First"), s_get("Login"))
+	session.connect(s_get("Login"), s_get("Get_key"), callback=get_banner)
+	session.connect(s_get("Get_key"), s_get("Post"), callback=get_banner)
+	session.fuzz()
+if __name__ == '__main__':
+	main()
\ No newline at end of file