Fuzzing - charlesreid1

From charlesreid1

Revision as of 21:37, 16 April 2017 by Admin (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Fuzzing is a procedure to test a program's ability to handle (or not handle) malformed inputs. If, for example, a program expects the user to provide an integer, and you provide 10 MB of raw binary data instead, what happens to the program?

Fuzzing is an excellent way to discover bugs and find ways of triggering exceptions or crashes.

Probably the most popular fuzzing tools is American Fuzzy Lop.

Metasploitable: The Red Team

Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the RED TEAM's tools and routes of attack.

Metasploitable Databases:

Exploiting MySQL with Metasploit: Metasploitable/MySQL

Exploiting PostgreSQL with Metasploit: Metasploitable/Postgres

Metasploitable Networking:

Exploiting VSFTP Backdoor: Metasploitable/VSFTP

SSH Penetration by Brute Force: Metasploitable/SSH/Brute Force

SSH Penetration with Keys: Metasploitable/SSH/Keys

SSH Penetration with Metasploit: Metasploitable/SSH/Exploits

Brute-Forcing /etc/shadow File: Metasploitable/John Shadow File

Exploiting NFS: Metasploitable/NFS

Exploiting DNS Bind Server: Metasploitable/DNS Bind

Metasploitable Services:

distcc: Metasploitable/distcc

Metasploitable Apache:

Exploiting Apache (with Metasploit): Metasploitable/Apache

Exploiting Apache (with Python): Metasploitable/Apache/Python

Tor's Hammer DoS Attack: Metasploitable/TorsHammer *

Apache DAV: Metasploitable/Apache/DAV *

Apache Tomcat and Coyote: Metasploitable/Apache/Tomcat and Coyote

Metasploitable Memory:

General approach to memory-based attacks: Metasploitable/Memory

Investigating memory data: Metasploitable/Volatile Data Investigation

Dumping Memory from Metasploit: Metasploitable/Dumping Memory

Metasploitable Fuzzing:

(Have not done much work on fuzzing Metasploitable...)

Fuzzing · American Fuzzy Lop

Category:Security · Category:Metasploit · Category:Metasploitable · Category:Kali

Flags · Template:MetasploitableRedTeamFlag · e

Kali Linux

"The quieter you become, the more you are able to hear."

Penetration testing Linux distribution.

Kali · Category:Kali

Kali/Wireless Reboot

Kali Software:

Aircrack · Wireshark · John the Ripper · Nmap · Metasploit Framework

Dsniff · Tcpdump · Hydra · Sqlmap · Burpsuite · Commix

Dirbuster · Valgrind

Attack Workflow:

1 Physical Attacks: Kali/Layer 1 Attacks

2 Data/MAC Attacks: Kali/Layer 2 Attacks

3 Network Attacks: Kali/Layer 3 Attacks

4 Transport Attacks: Kali/Layer 4 Attacks

5 Session Attacks: Kali/Layer 5 Attacks

6 Presentation Attacks: Kali/Layer 6 Attacks

7 Application Attacks: Kali/Layer 7 Attacks

Red Team Blue Team

Metasploitable - Red Team

Metasploitable - Blue Team

Networking:

Kali/Hotspot · Kali/OpenVPN · Kali/OpenVPN/Hotspot · Kali/OpenVPN/PIA

Booting:

Kali/Dual Boot OS X · Kali/Live USB · Kali/Persistent USB

Installing:

Kali/Installing · Kali/Post Install · ~~Kali/Fixes~~

Kali on Raspberry Pi:

Kali Raspberry Pi · Kali Raspberry Pi/Installing · Kali Raspberry Pi/Headless · Kali Raspberry Pi/Post-Install

Category:Security · Category:Wireless · Category:Passwords · Category:Man in the Middle · Category:Evil Twin

Flags · Template:KaliFlag · e

Retrieved from "https://charlesreid1.com/w/index.php?title=Fuzzing&oldid=16520"