Bed

From aldeid
Jump to: navigation, search

Description

BED (aka Bruteforce Exploit Detector) is a plain-text protocol fuzzer that checks software for common vulnerabilities like buffer overflows, format string bugs, integer overflows, etc.

Written in Perl by mjm and Eric Sesterhenn, the tool currently supports following protocols:

  • finger
  • ftp
  • http
  • imap
  • irc
  • lpd
  • pjl
  • pop
  • smtp
  • socks4
  • socks5.
Ssh-img013.png
Warning
On success, BED will crash the daemon, so do not test on critical and important systems.

Installation

$ cd /data/src/
$ wget http://www.remote-exploit.org/wp-content/uploads/2010/01/bed-0.5.tar.gz
$ tar xzvf bed-0.5.tar.gz
$ mkdir -p /pentest/fuzzers/
$ mv bed-0.5/ /pentest/fuzzers/bed/

Usage

Basic syntax

$ ./bed.pl -s <plugin> [options]

Options

-s <plugin>
Plugin to use (mandatory)
Valid plugins are: FTP/SMTP/POP/HTTP/IRC/IMAP/PJL/LPD/FINGER/SOCKS4/SOCKS5
Use "./bed.pl -s <plugin>" to obtain the parameters you need for the plugin.
-t <target>
Host to check (default: localhost)
-p <port>
Port to connect to (default: standard port)
-o <timeout>
seconds to wait after each test (default: 2 seconds)

Examples

FTP

Incomplete.png
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.

SMTP

Incomplete.png
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.

POP

Incomplete.png
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.

HTTP

$ ./bed.pl -s HTTP -t 192.168.100.16 -p 80

 BED 0.5 by mjm ( www.codito.de ) & eric ( www.snake-basket.de )

 + Buffer overflow testing:
                testing: 1      HEAD XAXAX HTTP/1.0     ...........
                testing: 2      HEAD / XAXAX    ...........
                testing: 3      GET XAXAX HTTP/1.0      ...........
                testing: 4      GET / XAXAX     ...........
                testing: 5      POST XAXAX HTTP/1.0     ...........
                testing: 6      POST / XAXAX    ...........
                testing: 7      GET /XAXAX      ...........
                testing: 8      POST /XAXAX     ...........
 + Formatstring testing:
                testing: 1      HEAD XAXAX HTTP/1.0     .......
                testing: 2      HEAD / XAXAX    .......
                testing: 3      GET XAXAX HTTP/1.0      .......
                testing: 4      GET / XAXAX     .......
                testing: 5      POST XAXAX HTTP/1.0     .......
                testing: 6      POST / XAXAX    .......
                testing: 7      GET /XAXAX      .......
                testing: 8      POST /XAXAX     .......
* Normal tests
 + Buffer overflow testing:
                testing: 1      User-Agent: XAXAX       ...........
                testing: 2      Host: XAXAX     ...........
                testing: 3      Accept: XAXAX   ...........
                testing: 4      Accept-Encoding: XAXAX  ...........
                testing: 5      Accept-Language: XAXAX  ...........
                testing: 6      Accept-Charset: XAXAX   ...........
                testing: 7      Connection: XAXAX       ...........
                testing: 8      Referer: XAXAX  ...........
                testing: 9      Authorization: XAXAX    ...........
                testing: 10     From: XAXAX     ...........
                testing: 11     Charge-To: XAXAX        ...........
                testing: 12     Authorization: XAXAX    ...........
                testing: 13     Authorization: XAXAX : foo      ...........
                testing: 14     Authorization: foo : XAXAX      ...........
                testing: 15     If-Modified-Since: XAXAX        ...........
                testing: 16     ChargeTo: XAXAX ...........
                testing: 17     Pragma: XAXAX   ...........
 + Formatstring testing:
                testing: 1      User-Agent: XAXAX       .......
                testing: 2      Host: XAXAX     .......
                testing: 3      Accept: XAXAX   .......
                testing: 4      Accept-Encoding: XAXAX  .......
                testing: 5      Accept-Language: XAXAX  .......
                testing: 6      Accept-Charset: XAXAX   .......
                testing: 7      Connection: XAXAX       .......
                testing: 8      Referer: XAXAX  .......
                testing: 9      Authorization: XAXAX    .......
                testing: 10     From: XAXAX     .......
                testing: 11     Charge-To: XAXAX        .......
                testing: 12     Authorization: XAXAX    .......
                testing: 13     Authorization: XAXAX : foo      .......
                testing: 14     Authorization: foo : XAXAX      .......
                testing: 15     If-Modified-Since: XAXAX        .......
                testing: 16     ChargeTo: XAXAX .......
                testing: 17     Pragma: XAXAX   .......
 + Unicode testing:
                testing: 1      User-Agent: XAXAX       .......
                testing: 2      Host: XAXAX     .......
                testing: 3      Accept: XAXAX   .......
                testing: 4      Accept-Encoding: XAXAX  .......
                testing: 5      Accept-Language: XAXAX  .......
                testing: 6      Accept-Charset: XAXAX   .......
                testing: 7      Connection: XAXAX       .......
                testing: 8      Referer: XAXAX  .......
                testing: 9      Authorization: XAXAX    .......
                testing: 10     From: XAXAX     .......
                testing: 11     Charge-To: XAXAX        .......
                testing: 12     Authorization: XAXAX    .......
                testing: 13     Authorization: XAXAX : foo      .......
                testing: 14     Authorization: foo : XAXAX      .......
                testing: 15     If-Modified-Since: XAXAX        .......
                testing: 16     ChargeTo: XAXAX .......
                testing: 17     Pragma: XAXAX   .......
 + random number testing:
                testing: 1      User-Agent: XAXAX       .............
                testing: 2      Host: XAXAX     .............
                testing: 3      Accept: XAXAX   .............
                testing: 4      Accept-Encoding: XAXAX  .............
                testing: 5      Accept-Language: XAXAX  .............
                testing: 6      Accept-Charset: XAXAX   .............
                testing: 7      Connection: XAXAX       .............
                testing: 8      Referer: XAXAX  .............
                testing: 9      Authorization: XAXAX    .............
                testing: 10     From: XAXAX     .............
                testing: 11     Charge-To: XAXAX        .............
                testing: 12     Authorization: XAXAX    .............
                testing: 13     Authorization: XAXAX : foo      .............
                testing: 14     Authorization: foo : XAXAX      .............
                testing: 15     If-Modified-Since: XAXAX        .............
                testing: 16     ChargeTo: XAXAX .............
                testing: 17     Pragma: XAXAX   .............
 + testing misc strings 1:
                testing: 1      User-Agent: XAXAX       ...............
                testing: 2      Host: XAXAX     ...............
                testing: 3      Accept: XAXAX   ...............
                testing: 4      Accept-Encoding: XAXAX  ...............
                testing: 5      Accept-Language: XAXAX  ...............
                testing: 6      Accept-Charset: XAXAX   ...............
                testing: 7      Connection: XAXAX       ...............
                testing: 8      Referer: XAXAX  ...............
                testing: 9      Authorization: XAXAX    ...............
                testing: 10     From: XAXAX     ...............
                testing: 11     Charge-To: XAXAX        ...............
                testing: 12     Authorization: XAXAX    ...............
                testing: 13     Authorization: XAXAX : foo      ...............
                testing: 14     Authorization: foo : XAXAX      ...............
                testing: 15     If-Modified-Since: XAXAX        ...............
                testing: 16     ChargeTo: XAXAX ...............
                testing: 17     Pragma: XAXAX   ...............
 + testing misc strings 2:
                testing: 1      User-Agent: XAXAX       ...............
                testing: 2      Host: XAXAX     ...............
                testing: 3      Accept: XAXAX   ...............
                testing: 4      Accept-Encoding: XAXAX  ...............
                testing: 5      Accept-Language: XAXAX  ...............
                testing: 6      Accept-Charset: XAXAX   ...............
                testing: 7      Connection: XAXAX       ...............
                testing: 8      Referer: XAXAX  ...............
                testing: 9      Authorization: XAXAX    ...............
                testing: 10     From: XAXAX     ...............
                testing: 11     Charge-To: XAXAX        ...............
                testing: 12     Authorization: XAXAX    ...............
                testing: 13     Authorization: XAXAX : foo      ...............
                testing: 14     Authorization: foo : XAXAX      ...............
                testing: 15     If-Modified-Since: XAXAX        ...............
                testing: 16     ChargeTo: XAXAX ...............
                testing: 17     Pragma: XAXAX   ...............
 + testing misc strings 3:
                testing: 1      User-Agent: XAXAX       ...............
                testing: 2      Host: XAXAX     ...............
                testing: 3      Accept: XAXAX   ...............
                testing: 4      Accept-Encoding: XAXAX  ...............
                testing: 5      Accept-Language: XAXAX  ...............
                testing: 6      Accept-Charset: XAXAX   ...............
                testing: 7      Connection: XAXAX       ...............
                testing: 8      Referer: XAXAX  ...............
                testing: 9      Authorization: XAXAX    ...............
                testing: 10     From: XAXAX     ...............
                testing: 11     Charge-To: XAXAX        ...............
                testing: 12     Authorization: XAXAX    ...............
                testing: 13     Authorization: XAXAX : foo      ...............
                testing: 14     Authorization: foo : XAXAX      ...............
                testing: 15     If-Modified-Since: XAXAX        ...............
                testing: 16     ChargeTo: XAXAX ...............
                testing: 17     Pragma: XAXAX   ...............

[...TRUNCATED...]

 + testing misc strings 19:
                testing: 1      User-Agent: XAXAX       ...............
                testing: 2      Host: XAXAX     ...............
                testing: 3      Accept: XAXAX   ...............
                testing: 4      Accept-Encoding: XAXAX  ...............
                testing: 5      Accept-Language: XAXAX  ...............
                testing: 6      Accept-Charset: XAXAX   ...............
                testing: 7      Connection: XAXAX       ...............
                testing: 8      Referer: XAXAX  ...............
                testing: 9      Authorization: XAXAX    ...............
                testing: 10     From: XAXAX     ...............
                testing: 11     Charge-To: XAXAX        ...............
                testing: 12     Authorization: XAXAX    ...............
                testing: 13     Authorization: XAXAX : foo      ...............
                testing: 14     Authorization: foo : XAXAX      ...............
                testing: 15     If-Modified-Since: XAXAX        ...............
                testing: 16     ChargeTo: XAXAX ...............
                testing: 17     Pragma: XAXAX   ...............
* Other tests:
* All tests done.