Practical 4

Name : Premsagar Manoj Pawar

Subject : Cyber Security Lab

Class : BE Computer

Section : B

Roll No : 30

Aim: Study of Vulnerability Analysis Tools in Kali Linux

Fuzzing Tools: BED

BED is a program designed to check daemons for potential buffer overflows, format strings, et al.

bed -s HTTP -t 172.16.0.7

BED simply sends the commands to the server and checks whether it is still alive afterwards.

Of course this will not detect all bugs of the specified daemon but it will (at least it should) help you to check your software for common vulnerabilities.
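
On the server being tested, this kind of run appears in the access log as requests with oversized fields or printf-style specifiers. The Python script below is an added example, not part of the original report or of BED, showing how to flag such requests. The Combined Log Format layout, the two thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re

# Combined Log Format (assumed): client, identity, user, [time], "request", status, size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*)" (\d{3}) ')
# %s %n %x %p can never be valid URL percent-escapes (those need two hex digits)
FORMAT_RE = re.compile(r"%(?:\d+\$)?[snxp]")
MAX_TOKEN = 1024     # assumed limit; tune to the longest legitimate URI you serve
MIN_SPECIFIERS = 3   # assumed: a single stray specifier is not enough to alert

# Constructed sample log lines (documentation addresses, not real traffic)
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.66 - - [01/Jan/2024:10:00:01 +0000] "HEAD /' + "A" * 2048 + ' HTTP/1.0" 414 0',
    '192.0.2.66 - - [01/Jan/2024:10:00:03 +0000] "GET /%s%s%s%n HTTP/1.0" 400 0',
    '192.0.2.66 - - [01/Jan/2024:10:00:05 +0000] "' + "A" * 4096 + ' / HTTP/1.0" 500 0',
]

def classify(request):
    """Return the reasons a request line looks like overflow/format-string testing."""
    reasons = []
    if any(len(token) > MAX_TOKEN for token in request.split(" ")):
        reasons.append("oversized-token")
    if len(FORMAT_RE.findall(request)) >= MIN_SPECIFIERS:
        reasons.append("format-specifiers")
    return reasons

def scan(lines):
    """Map client address -> flagged request count, reasons seen, 5xx responses."""
    report = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        client, request, status = m.group(1), m.group(2), int(m.group(3))
        reasons = classify(request)
        if not reasons:
            continue
        entry = report.setdefault(client, {"flagged": 0, "reasons": set(), "errors": 0})
        entry["flagged"] += 1
        entry["reasons"].update(reasons)
        if status >= 500:
            entry["errors"] += 1  # the daemon failed on a malformed request
    return report

if __name__ == "__main__":
    for client, entry in scan(SAMPLE).items():
        print(client, entry["flagged"], sorted(entry["reasons"]), entry["errors"])
```

A flagged client whose requests also produce 5xx responses points at input the daemon does not handle cleanly and is the first thing to review.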

BED Package Description

BED stands for Bruteforce Exploit Detector. It is designed to check daemons for potential buffer overflows, format strings, et al.

Tools included in the bed package

bed – A network protocol fuzzer

root@kali:~# bed

BED 0.5 by mjm ( www.codito.de ) & eric ( www.snake-basket.de )

Usage:

./bed.pl -s <plugin> -t <target> -p <port> -o <timeout> [ depends on the plugin ]

<plugin> = FTP/SMTP/POP/HTTP/IRC/IMAP/PJL/LPD/FINGER/SOCKS4/SOCKS5

<target> = Host to check (default: localhost)

<port> = Port to connect to (default: standard port)

<timeout> = seconds to wait after each test (default: 2 seconds)

use "./bed.pl -s <plugin>" to obtain the parameters you need for the plugin.

Only -s is a mandatory switch.

bed Usage Example

Use the HTTP plugin (-s HTTP) to fuzz the target server (-t 192.168.1.15):

root@kali:~# bed -s HTTP -t 192.168.1.15

BED 0.5 by mjm ( www.codito.de ) & eric ( www.snake-basket.de )

+ Buffer overflow testing:

testing: 1 HEAD XAXAX HTTP/1.0


Bed Command :