This type of attack is
called a buffer over-read, as we can read beyond the bounds of the
designated memory buffer. Similarly, in a buffer overflow attack, a
hacker uses a bug to write beyond the bounds of a designated
buffer. Hackers often use buffer overflow attacks to upload reverse
shells that allow them to control the machine remotely. This process
is called remote code execution (RCE).
maximum transmission unit (MTU)
Fuzzing
Fuzzing techniques attempt to generate inputs that explore all the
possible paths in a program in the hopes of discovering one that will
cause the program to crash or exhibit unintended behavior. Fuzzing
was first proposed in 1988 by Barton Miller, a professor at the
University of Wisconsin.
understand the basic concept behind fuzzing
As long as x+y+z != 3, the program executes correctly.
One of these paths triggers the assert statement. Consider what
would happen if we supplied inputs of 0, 2, and 1 for a, b, and c.
Notice that this path sets x to 0, y to 1, and z to 2, which triggers the
assert statement.
Create a new file called myFuzzer.py and add the following contents: