Bed
Jump to navigation
Jump to search
Description
BED (aka Bruteforce Exploit Detector) is a plain-text protocol fuzzer that checks software for common vulnerabilities like buffer overflows, format string bugs, integer overflows, etc.
Written in Perl by mjm and Eric Sesterhenn, the tool currently supports following protocols:
- finger
- ftp
- http
- imap
- irc
- lpd
- pjl
- pop
- smtp
- socks4
- socks5.
Warning
On success, BED will crash the daemon, so do not test on critical and important systems.
Installation
$ cd /data/src/ $ wget http://www.remote-exploit.org/wp-content/uploads/2010/01/bed-0.5.tar.gz $ tar xzvf bed-0.5.tar.gz $ mkdir -p /pentest/fuzzers/ $ mv bed-0.5/ /pentest/fuzzers/bed/
Usage
Basic syntax
$ ./bed.pl -s <plugin> [options]
Options
- -s <plugin>
- Plugin to use (mandatory)
- Valid plugins are: FTP/SMTP/POP/HTTP/IRC/IMAP/PJL/LPD/FINGER/SOCKS4/SOCKS5
- Use "./bed.pl -s <plugin>" to obtain the parameters you need for the plugin.
- -t <target>
- Host to check (default: localhost)
- -p <port>
- Port to connect to (default: standard port)
- -o <timeout>
- seconds to wait after each test (default: 2 seconds)
Examples
FTP
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Thank you for your comprehension.
SMTP
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Thank you for your comprehension.
POP
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Thank you for your comprehension.
HTTP
$ ./bed.pl -s HTTP -t 192.168.100.16 -p 80
BED 0.5 by mjm ( www.codito.de ) & eric ( www.snake-basket.de )
+ Buffer overflow testing:
testing: 1 HEAD XAXAX HTTP/1.0 ...........
testing: 2 HEAD / XAXAX ...........
testing: 3 GET XAXAX HTTP/1.0 ...........
testing: 4 GET / XAXAX ...........
testing: 5 POST XAXAX HTTP/1.0 ...........
testing: 6 POST / XAXAX ...........
testing: 7 GET /XAXAX ...........
testing: 8 POST /XAXAX ...........
+ Formatstring testing:
testing: 1 HEAD XAXAX HTTP/1.0 .......
testing: 2 HEAD / XAXAX .......
testing: 3 GET XAXAX HTTP/1.0 .......
testing: 4 GET / XAXAX .......
testing: 5 POST XAXAX HTTP/1.0 .......
testing: 6 POST / XAXAX .......
testing: 7 GET /XAXAX .......
testing: 8 POST /XAXAX .......
* Normal tests
+ Buffer overflow testing:
testing: 1 User-Agent: XAXAX ...........
testing: 2 Host: XAXAX ...........
testing: 3 Accept: XAXAX ...........
testing: 4 Accept-Encoding: XAXAX ...........
testing: 5 Accept-Language: XAXAX ...........
testing: 6 Accept-Charset: XAXAX ...........
testing: 7 Connection: XAXAX ...........
testing: 8 Referer: XAXAX ...........
testing: 9 Authorization: XAXAX ...........
testing: 10 From: XAXAX ...........
testing: 11 Charge-To: XAXAX ...........
testing: 12 Authorization: XAXAX ...........
testing: 13 Authorization: XAXAX : foo ...........
testing: 14 Authorization: foo : XAXAX ...........
testing: 15 If-Modified-Since: XAXAX ...........
testing: 16 ChargeTo: XAXAX ...........
testing: 17 Pragma: XAXAX ...........
+ Formatstring testing:
testing: 1 User-Agent: XAXAX .......
testing: 2 Host: XAXAX .......
testing: 3 Accept: XAXAX .......
testing: 4 Accept-Encoding: XAXAX .......
testing: 5 Accept-Language: XAXAX .......
testing: 6 Accept-Charset: XAXAX .......
testing: 7 Connection: XAXAX .......
testing: 8 Referer: XAXAX .......
testing: 9 Authorization: XAXAX .......
testing: 10 From: XAXAX .......
testing: 11 Charge-To: XAXAX .......
testing: 12 Authorization: XAXAX .......
testing: 13 Authorization: XAXAX : foo .......
testing: 14 Authorization: foo : XAXAX .......
testing: 15 If-Modified-Since: XAXAX .......
testing: 16 ChargeTo: XAXAX .......
testing: 17 Pragma: XAXAX .......
+ Unicode testing:
testing: 1 User-Agent: XAXAX .......
testing: 2 Host: XAXAX .......
testing: 3 Accept: XAXAX .......
testing: 4 Accept-Encoding: XAXAX .......
testing: 5 Accept-Language: XAXAX .......
testing: 6 Accept-Charset: XAXAX .......
testing: 7 Connection: XAXAX .......
testing: 8 Referer: XAXAX .......
testing: 9 Authorization: XAXAX .......
testing: 10 From: XAXAX .......
testing: 11 Charge-To: XAXAX .......
testing: 12 Authorization: XAXAX .......
testing: 13 Authorization: XAXAX : foo .......
testing: 14 Authorization: foo : XAXAX .......
testing: 15 If-Modified-Since: XAXAX .......
testing: 16 ChargeTo: XAXAX .......
testing: 17 Pragma: XAXAX .......
+ random number testing:
testing: 1 User-Agent: XAXAX .............
testing: 2 Host: XAXAX .............
testing: 3 Accept: XAXAX .............
testing: 4 Accept-Encoding: XAXAX .............
testing: 5 Accept-Language: XAXAX .............
testing: 6 Accept-Charset: XAXAX .............
testing: 7 Connection: XAXAX .............
testing: 8 Referer: XAXAX .............
testing: 9 Authorization: XAXAX .............
testing: 10 From: XAXAX .............
testing: 11 Charge-To: XAXAX .............
testing: 12 Authorization: XAXAX .............
testing: 13 Authorization: XAXAX : foo .............
testing: 14 Authorization: foo : XAXAX .............
testing: 15 If-Modified-Since: XAXAX .............
testing: 16 ChargeTo: XAXAX .............
testing: 17 Pragma: XAXAX .............
+ testing misc strings 1:
testing: 1 User-Agent: XAXAX ...............
testing: 2 Host: XAXAX ...............
testing: 3 Accept: XAXAX ...............
testing: 4 Accept-Encoding: XAXAX ...............
testing: 5 Accept-Language: XAXAX ...............
testing: 6 Accept-Charset: XAXAX ...............
testing: 7 Connection: XAXAX ...............
testing: 8 Referer: XAXAX ...............
testing: 9 Authorization: XAXAX ...............
testing: 10 From: XAXAX ...............
testing: 11 Charge-To: XAXAX ...............
testing: 12 Authorization: XAXAX ...............
testing: 13 Authorization: XAXAX : foo ...............
testing: 14 Authorization: foo : XAXAX ...............
testing: 15 If-Modified-Since: XAXAX ...............
testing: 16 ChargeTo: XAXAX ...............
testing: 17 Pragma: XAXAX ...............
+ testing misc strings 2:
testing: 1 User-Agent: XAXAX ...............
testing: 2 Host: XAXAX ...............
testing: 3 Accept: XAXAX ...............
testing: 4 Accept-Encoding: XAXAX ...............
testing: 5 Accept-Language: XAXAX ...............
testing: 6 Accept-Charset: XAXAX ...............
testing: 7 Connection: XAXAX ...............
testing: 8 Referer: XAXAX ...............
testing: 9 Authorization: XAXAX ...............
testing: 10 From: XAXAX ...............
testing: 11 Charge-To: XAXAX ...............
testing: 12 Authorization: XAXAX ...............
testing: 13 Authorization: XAXAX : foo ...............
testing: 14 Authorization: foo : XAXAX ...............
testing: 15 If-Modified-Since: XAXAX ...............
testing: 16 ChargeTo: XAXAX ...............
testing: 17 Pragma: XAXAX ...............
+ testing misc strings 3:
testing: 1 User-Agent: XAXAX ...............
testing: 2 Host: XAXAX ...............
testing: 3 Accept: XAXAX ...............
testing: 4 Accept-Encoding: XAXAX ...............
testing: 5 Accept-Language: XAXAX ...............
testing: 6 Accept-Charset: XAXAX ...............
testing: 7 Connection: XAXAX ...............
testing: 8 Referer: XAXAX ...............
testing: 9 Authorization: XAXAX ...............
testing: 10 From: XAXAX ...............
testing: 11 Charge-To: XAXAX ...............
testing: 12 Authorization: XAXAX ...............
testing: 13 Authorization: XAXAX : foo ...............
testing: 14 Authorization: foo : XAXAX ...............
testing: 15 If-Modified-Since: XAXAX ...............
testing: 16 ChargeTo: XAXAX ...............
testing: 17 Pragma: XAXAX ...............
[...TRUNCATED...]
+ testing misc strings 19:
testing: 1 User-Agent: XAXAX ...............
testing: 2 Host: XAXAX ...............
testing: 3 Accept: XAXAX ...............
testing: 4 Accept-Encoding: XAXAX ...............
testing: 5 Accept-Language: XAXAX ...............
testing: 6 Accept-Charset: XAXAX ...............
testing: 7 Connection: XAXAX ...............
testing: 8 Referer: XAXAX ...............
testing: 9 Authorization: XAXAX ...............
testing: 10 From: XAXAX ...............
testing: 11 Charge-To: XAXAX ...............
testing: 12 Authorization: XAXAX ...............
testing: 13 Authorization: XAXAX : foo ...............
testing: 14 Authorization: foo : XAXAX ...............
testing: 15 If-Modified-Since: XAXAX ...............
testing: 16 ChargeTo: XAXAX ...............
testing: 17 Pragma: XAXAX ...............
* Other tests:
* All tests done.