nerdexam
EC-Council

312-50V9 · Question #333

What is the code written for? #!/usr/bin/python import socket buffer=["A"] counter=50 while len(buffer)<=100: buffer.apend ("A"*counter) counter=counter+50 commands=["HELP","STATS.","RTIME.","LTIME.",

The correct answer is A. Buffer Overflow. This Python script is a buffer overflow fuzzer that sends progressively larger payloads to multiple commands on a target service to identify which input causes a memory boundary violation.

System Hacking

Question

What is the code written for? #!/usr/bin/python import socket buffer=[“A”] counter=50 while len(buffer)<=100:

buffer.apend (“A”*counter) counter=counter+50 commands=[“HELP”,“STATS.”,“RTIME.”,“LTIME.”,“SRUN.”,“TRUN.”,“GMON.”,“GD OG.”,“KSTET.”,“GTER.”,“HTER.”,“LTER.”,“KSTAN.”] for command in commands:

for buffstring in buffer:

print “Exploiting” +command+“:”+str(len(buffstring)) s=socket.socket(socket.AF_INET.socket.SOCK_STREAM) s.connect(('127.0.0.1',9999)) s.recv(50) s.send(command+buffstring) s.close()

Options

  • ABuffer Overflow
  • BEncryption
  • CBruteforce
  • DDenial-of-service (Dos)

How the community answered

(28 responses)
  • A
    46% (13)
  • B
    14% (4)
  • C
    11% (3)
  • D
    29% (8)

Why each option

This Python script is a buffer overflow fuzzer that sends progressively larger payloads to multiple commands on a target service to identify which input causes a memory boundary violation.

ABuffer OverflowCorrect

The script builds a list of strings of increasing length (50, 100, 150 bytes up to over 5000 bytes of 'A' characters) and sends each one appended to various server commands over a TCP socket. This is a classic fuzzing technique used to trigger buffer overflow vulnerabilities by overflowing fixed-size input buffers in the target application. The goal is to find which command and payload length causes the application to crash, indicating a vulnerable input point.

BEncryption

The script contains no cryptographic functions, key generation, or encoding/decoding logic associated with encryption.

CBruteforce

A brute-force attack cycles through possible credential combinations, whereas this script sends fixed repetitive characters ('A') of increasing length, which is fuzzing - not credential guessing.

DDenial-of-service (Dos)

A denial-of-service attack aims to exhaust resources and disrupt availability, whereas this script targets memory safety vulnerabilities by sending oversized inputs to specific command handlers.

Concept tested: Buffer overflow fuzzing script identification

Source: https://owasp.org/www-community/vulnerabilities/Buffer_Overflow

Topics

#buffer overflow#fuzzing#Python exploit#socket programming

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice