Spike Package

Description

Spike Package  – SPIKE is actually a fuzzer creation kit, providing an API that allows a user to create their own fuzzers for network based protocols using the C programming language. SPIKE defines a number of primitives that it makes available to C coders, which allows it to construct fuzzed messages called “SPIKES” that can be sent to a network service to hopefully induce errors. SPIKE was specifically designed to focus on finding exploitable bugs, so it’s an excellent choice for our purposes.

SPIKE is an attempt to write an easy to use generic protocol API that helps reverse engineer new and unknown network protocols. It features several working examples. Includes a web server NTLM Authentication brute forcer and sample code that parses web applications and DCE-RPC (MSRPC).

Usage

Options – Generic-Send_TCP

spike-generic-send_tcp host port spike_script SKIPVAR SKIPSTR Spike Package

Example

cyborg@cyborg:~$ spike-generic-send_tcp 192.168.1.7 9999 test.spk 0  0
Total Number of Strings is 681
Fuzzing
Fuzzing Variable 0:0

Options – Generic-Send_UDP

spike-generic_send_udp target port file.spk startvariable startfuzzstring startvariable startstring totaltosend Spike Package

Example

cyborg@cyborg:~$ spike-generic-send_udp 192.168.1.7 80  abc.spk 0 0 500
Target is 192.168.1.7
Total Number of Strings is 681
fd=3
Fuzzing Variable 0:0
Fuzzing Variable 0:1(
Fuzzing Variable 0:2
Fuzzing Variable 0:3

Options – Generic-Listen_TCP

spike-generic-listen_tcp port spike_script Spike Package

Example

cyborg@cyborg:~$ spike-generic-listen_tcp 9999 test.spk
Total Number of Strings is 681

Options – Generic-Chunked

generic_web_server_fuzz target port file.spk skipvariables skipfuzzstring Spike Package

Example

cyborg@cyborg:~$ spike-generic-chunked www.ztrela.com 80 tst.spk 0 0
Target is www.ztrela.com
Total Number of Strings is 681
Fuzzing Variable 0:0
parsing tst.spk
sending
Sent 4
sending
Sent 8
sending
Sent c
0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?