Thank you for the support! It helps a ton

Your name is hilarious

@@TurdFurgeson275 thank you sir

this comment was a life savor. I had no idea how i was writing that script wrong. Could u please explain why i need to use python 2 instead of python? is it cause the creator and I are on different versions of python?? and is it python from the immunity debugger, or kali linux python that its referring to?

Thank you :)

I did some captures with Wireshark and compared generic_send_tcp to manual attempts with netcat. As you pointed out, netcat captures only showed "TRUN [string]" as expected. What I found was that the "/.:/" string was first observed in the second fuzzing attempt by generic_send_tcp and seems to be nothing special other than it happened to be included in the first of the attempts that had a longer string of A's (the length being what crashes vulnserver). The first fuzzing attempt was simply "TRUN 0" and since it didn't cause a crash, wasn't seen in the register upon inspection. The third attempt (captured by Wireshark but never made it to vulnserver because of the crash) was "TRUN /.../" followed by numerous A's. The fourth attempt was "TRUN /.../.../.../.../.../" with no A's. With limited insight into how generic_send_tcp works, I'm going to take a wild guess that the "/.:/" was just a part of the first fuzzing permutation that caused a crash (which was actually related to the length of the string moreso than the contents) and that it has no significance to the BOF. I imagine that modifying the script to just use "TRUN AAAAAAAAA..." would produce the same results. I'll test this tomorrow but it's getting late here. :)

Finally got around to testing this and I couldn't get it to crash without "/.:/". There's something magical about those characters but I'm not sure what it is yet...

I was able to get this to work with "TRUN ." + buffer. There's something about the period...

@@mattbogenberger This is what I worry about in testing for OSCP, is that there will be some "magical" characters or some other type of magical string and I just want to try and understand how to identify these things. I'm at the sophistication level of .... this argument is vulnerable. throw a big string of A's and proceed as normal. Anything tricky like this will definitely screw me if I don't know what i'm looking for or why i'm looking for it.

shnosifaj I actually ended up looking at the source code (vulnserver.c) and found out why it’s doing that. There’s a line where it’s looking specifically for the “.” character in the string. The line is: if ((char)RecvBuf[i] == '.') {

We captured this in the spiking section. Look at the spike of TRUN in Immunity and you'll see it

@@TCMSecurityAcademy Hi Cyber mentor, on this question, how would you have found those extra symbols without having immunity running on the vulnerable server?

@@ithinkv I think you need to have a sample "exe" that you can test locally.

@Abdur Rahman Bikash but it is not connecting to my vulnserver also it is just crashing can you tell me or suggest any improvement in the code

same problem. Please help cyber mentor

@@daviobalburdia Bro I have reviewed my script thoroughly and everything seems to be in order but I still get the same issue.....crashes at 100 bytes, vulnserver receives no connections and immunity doesn't pause.

@@kellyorjiude did anyone ever figure this out

@@thelegacygaming4982 it is because of a syntext error

For me, i found my mistake which is located: s=socket.socket(socket.AF_INET, socket.SOCK_STREAM) where I type a '.' instead of ','

I had the same issue, turns out I put a . instead of a , in between the AF_INET and socket.SOCK_STREAM

@@maxregister9210 yes, I fixed my also. But for me it works whet i completely reload Debbuger and vulnserv)

are you telling or asking?

I found the issue

@@steveshawcross855 tell me bro you can save my life 😂

Thank you for the nice words :). Spike is the easiest way to teach it. You could definitely create your own Python script to do the same thing!

And i was send 3500 A's then not crashed

I'm unsure to be honest?

@@TCMSecurityAcademy mine crashing at 100 everytime but it shows running in immunity debugger

@@harjotsaini1038 Did you figured out the issue? I have reviewed the code multiple times and I get "Fuzzing crashed at 100 bytes"

@@jgaldi1615 yes bro I don't remember the line number but I was using . Insted of this ,

Because you dont exploit it on the victims machine until you build an exploit out through research and development. That's why these tools exist.

I like it like this. I think most people do. You shouldn't be following along on your phone anyways, where are your VMs setup?

the error is telling you the issue. check your indentation. python uses tabs

You have an unexpected indent (tab) spacing in your program. Line 6 of your code contains the problem.