312-50V9 · Question #333
What is the code written for? #!/usr/bin/python import socket buffer=["A"] counter=50 while len(buffer)<=100: buffer.apend ("A"*counter) counter=counter+50 commands=["HELP","STATS.","RTIME.","LTIME.",
The correct answer is A. Buffer Overflow. This Python script is a buffer overflow fuzzer that sends progressively larger payloads to multiple commands on a target service to identify which input causes a memory boundary violation.
Question
What is the code written for? #!/usr/bin/python import socket buffer=[“A”] counter=50 while len(buffer)<=100:
buffer.apend (“A”*counter) counter=counter+50 commands=[“HELP”,“STATS.”,“RTIME.”,“LTIME.”,“SRUN.”,“TRUN.”,“GMON.”,“GD OG.”,“KSTET.”,“GTER.”,“HTER.”,“LTER.”,“KSTAN.”] for command in commands:
for buffstring in buffer:
print “Exploiting” +command+“:”+str(len(buffstring)) s=socket.socket(socket.AF_INET.socket.SOCK_STREAM) s.connect(('127.0.0.1',9999)) s.recv(50) s.send(command+buffstring) s.close()
Options
- ABuffer Overflow
- BEncryption
- CBruteforce
- DDenial-of-service (Dos)
How the community answered
(28 responses)- A46% (13)
- B14% (4)
- C11% (3)
- D29% (8)
Why each option
This Python script is a buffer overflow fuzzer that sends progressively larger payloads to multiple commands on a target service to identify which input causes a memory boundary violation.
The script builds a list of strings of increasing length (50, 100, 150 bytes up to over 5000 bytes of 'A' characters) and sends each one appended to various server commands over a TCP socket. This is a classic fuzzing technique used to trigger buffer overflow vulnerabilities by overflowing fixed-size input buffers in the target application. The goal is to find which command and payload length causes the application to crash, indicating a vulnerable input point.
The script contains no cryptographic functions, key generation, or encoding/decoding logic associated with encryption.
A brute-force attack cycles through possible credential combinations, whereas this script sends fixed repetitive characters ('A') of increasing length, which is fuzzing - not credential guessing.
A denial-of-service attack aims to exhaust resources and disrupt availability, whereas this script targets memory safety vulnerabilities by sending oversized inputs to specific command handlers.
Concept tested: Buffer overflow fuzzing script identification
Source: https://owasp.org/www-community/vulnerabilities/Buffer_Overflow
Topics
Community Discussion
No community discussion yet for this question.