Syslog Fuzzer is a small perl script tool useful to test some attack vectors against syslog servers.
The first version has support for:
> Buffer Overflows
> Integer Overflows
> Format Strings
Usage:
aitsec@ubuntu:~/lab/fuzzer_syslog# perl syslog-fuzzer.pl -p 514
Syslog Fuzzer v0.1 by Jaime Blasco (c) 2008
www.aitsec.com
-h : Host
-p : Port Number
Example:
aitsec@ubuntu:~/lab/fuzzer_syslog# perl syslog-fuzzer.pl -h 192.1683.76 -p 514
Some ngrep traces:
#
U 192.168.3.10:43647 -> 192.168.3.76:514
<AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>Apr 8 12:20:25 10.0.0.2 fuzzer[10]: Syslog Fuzzer v0.1 by Jaime Blasco (c) 200
8
#
#
U 192.168.3.10:43647 -> 192.168.3.76:514
<0>Apr 8 12:21:23 10.0.0.2 %#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%: Syslog Fuzzer v0.1 by Jaime
Blasco (c) 2008
#
#
U 192.168.3.10:43647 -> 192.168.3.76:514
<0xffffffff>Apr 8 12:22:33 10.0.0.2 fuzzer[10]: Syslog Fuzzer v0.1 by Jaime Blasco (c) 2008
#
For the latest version of the tool visit the project's homepage at:
http://www.aitsec.com/syslog-fuzzer.php
