ELF44 ($!444444 o o   o oHHH QtdRtd o o/lib/ld-linux.so.2GNU%("#! & $'   % %#$ %&')KHP ks<0 )zBZ/7|<|__gmon_start__libc.so.6_IO_stdin_usedsocketfflushexithtonsfopenconnectinet_ntoa__stack_chk_failputcharlistenstrlensendmemsetstrstrbindgetoptstdoutfputcrecvinet_addrfputsfclosesetsockoptgetpeernameoptarggethostbynamefwriteatoifprintfacceptsleepstrcmp__libc_start_mainsnprintfGLIBC_2.4GLIBC_2.1GLIBC_2.0ii 8ii Bii Lo|%|'ppp ppppp p $p (p ,p 0p 4p8pƋU@{E$?‹t$ED$\$T$L$ D$/D$$}(uD$$)},u2UE@D$EU E D$ED$D$8E(D$E$D$ D$<T$E$з}u6U E D$ED$E(D$E$D$ D$<T$E$蔷}U E D$ED$E(D$E$D$ D$:<T$E$T}u)E D$8U(T$ D$X<D$E$ }u0U D$8E(D$E$D$ D$d<T$E$}u(U E(D$E$D$ D$r<T$E$輶}u(U E(D$E$D$ D$<T$E$莶E$蓵D$ D$ED$E$5D$D$E$ڴD$ D$ED$E$x$ܵU(ED$D$E$芴}u0UE(D$D$8E$D$ D$<T$E$ĵ}u7UE(D$E D$D$8E$D$ D$<T$E$臵E$茴D$ D$ED$E $.D$D$E$ӳD$ D$ED$E $q$մUWVSE D$D$E$}}uO{M E(D$$T$ E D$ED$D$8E0D$E$D$ D$<L$E$蘴} },|| ||5x|=t|l|h|`|\|T|P|D|<|8|0|,| |{E D$pT$lL$h\$dt$`|$\D$XD$TD$PD$LD$HD$DE0D$@D$D$E$蘭},|| ||5x|=t|l|h|`|\|P|D|<|8|0|,|$| |{E D$pT$lL$h\$dt$`|$\D$XD$TD$PD$LE(D$HD$DE0D$@D$D$E$ޫ},|| ||5x|=t|l|h|\|T|P|D|<|8|0|,|$| |{E D$pT$lL$h\$dt$`|$\D$XD$TE(D$PD$LD$HD$DE0D$@D$D$mAET$-E}uETD$$oA!$%ED$ D$D$$A2ED$E D$ ED$D$AE$ED$D$ D$ED$E$Ѭ}uE@D$D$AE$Ѡ} u0U< |E@D$ T$D$AE$蛠} u(ELD$EHD$ EDD$D$(BE$mE8D$D$DBE$S}u!E {D$D$PBE$,},t},u!EŤuD$D$^BE$},t},u!E0D$ E$D$D$tBE$ҟ},t},u!E4D$ E(D$D$BE$襟ED$$ ŸE$ETD$$B$}X~ $ RUWVS|#}(t}(u EŠuE}(t}(uE E}(t }(u}u EzE}(t}(uE$E}(t }(u}u E{EE,D$$BqD$CE,$NE}uE,D$$oAB$F}u_E,D$ D$pD$CE$^E D$D$3CE$DED$ D$ D$$CC}ufE,D$ D$pD$CE$E D$ ED$D$PCE$؝ED$ D$ D$$CC襝}u'}u!E4D$ ED$D$pCE$舝}u'}u!E4D$ ED$D$zCE$[}u(}u"ED$ D$8D$CE$-}u/}u)ED$E4D$ D$8D$CE$}ur}ul}(u0E4@yED$T$ D$8D$CE$趜}(u0E4@yED$T$ D$8D$CE$耜}}}(u7E4@yED$ED$T$ D$8D$CE$/}(u7E4@yED$ED$T$ D$8D$CE$}(u7E4@yED$ED$T$ D$8D$CE$赛}(u7E4@yED$ED$T$ D$8D$CE$x}u}t }}uH zE4DyE4@yED$L$\$T$ D$8D$CE$}-}8|| |{5{={{{{{{{zyD$LT$HL$D\$@t$<|$8D$4D$0D$,D$(E|UD$&D$A$@ lzu@ D$LD$A$@%Fzu@%D$4D$A$$ zu$D$hD$A$yuD$ D$A$ yu D$t@D$A$|yu|D$D$A$@%yu@%D$D$A$byuD$D$A$  Hzzp Hypertext Transfer Protocol Fuzzer rush@KL (Jeremy Brown) USAGE: %s <-C/-S/-E/-B> SELECTIONS OPTIONAL: -T [Target] -P [Port] [-L Log.file] [-A exploit.pl] [-V] [-D] -C Client Side Fuzzing 1 (Protocol) 2 (Protocol Version) 3 (Status Code) 4 (Status Phrase) 5 (Response Headers) 6 (Response Header Fields) [-s status code] 7 (Basic Authentication) 8 (Digest Authentication) [-p /path] -S Server Side Fuzzing 1 (Method) 2 (Request) 3 (Request Port) 4 (Protocol) 5 (Protocol Version) 6 (Request Headers) 7 (Request Header Fields) [-m method] 8 (Basic Authentication) 9 (Digest Authentication) 10 (Query Parameters) -p [/path] -b [beginning query data] -x [parameter to fuzz] -e [ending query data] -E Exploit Generation -B (Fetch Banner) -T PREFERENCES: -c [Custom Fuzzing Data] -h [Custom Header] -d [Digest #] -y [Oracle #] -z [Header #] INFORMATION: [-F Fuzzing Oracle] [-H Headers] [-J Digest Directives] [-M Methods] [-O Status Codes] /ptf=T:P:L:A:VDE:FHJMOC:S:m:s:d:y:z:b:x:e:c:h:p:BDEBUG: m = %d, mo = %d, fzn = %d, hdn = %d, cu = %d, vb = %d, db = %d, lg = %d, lgf = %s, exg = %d, exf = %s, mth = %d, sc = %d, dir = %d, path = %s, bqd = %s, ptf = %s, eqd = %s ȎҎ~܎i \ɏXӏ(ݏ@phzzp_error: target not sethzzp_error: socket()hzzp_error: gethostbyname(%s) hzzp_error: connect(%s:%d) Server:hzzp_error: banner_not_found(%s:%d) %s %s[%s]:%d --> %s Overflow: A x 550Overflow: A x 1100Overflow: A x 2100Overflow: A x 4200Overflow: A x 8400Overflow: A x 16500Overflow: A x 33000Overflow: A x 65800Overflow: A x 131200Overflow: A x 262400Overflow: A x 525000Overflow: A x 1050000Format String: %n x 5Format String: %p x 5Format String: %s x 5Format String: %d x 5Format String: %x x 5Format String: %s%p%x%dFormat String: %.1024dFormat String: %.1025dFormat String: %.2048dFormat String: %.2049dFormat String: %.4096dFormat String: %.4097dFormat String: %99999999999sFormat String: %08xFormat String: %%20nFormat String: %%20pFormat String: %%20sFormat String: %%20dFormat String: %%20xFormat String: %#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%Number: 0Number: -0Number: 1Number: -1Number: 32767Number: -32768Number: 65535Number: 65536Number: 65537Number: 16777215Number: 16777216Number: 16777217Number: 2147483647Number: -2147483647Number: 2147483648Number: -2147483648Number: 4294967294Number: 4294967295Number: 4294967296Number: 357913942Number: -357913942Number: 536870912Number: -536870912Number: 5e-324Number: 1.79769313486231E+308Number: 3.39519326559384E-313Number: 0xffffNumber: 0xfffffffNumber: 0xffffffffNumber: 0xfffffffeNumber: 0x3fffffffNumber: 0x7fffffffNumber: 0x7ffffffeNumber: 0x100Number: 0x1000Number: 0x10000Number: 0x100000Number: 0x80000000Number: -268435455Number: 0x99999999Number: 99999999999Number: -99999999999Misc Bug: test|touch /tmp/FU_ZZ_ED|testMisc Bug: test`touch /tmp/FU_ZZ_ED`testMisc Bug: test'touch /tmp/FU_ZZ_ED'testMisc Bug: test;touch /tmp/FU_ZZ_ED;testMisc Bug: test&&touch /tmp/FU_ZZ_ED&&testMisc Bug: test|C:/WINDOWS/system32/calc.exe|testMisc Bug: test`C:/WINDOWS/system32/calc.exe`testMisc Bug: test'C:/WINDOWS/system32/calc.exe'testMisc Bug: test;C:/WINDOWS/system32/calc.exe;testMisc Bug: C:/WINDOWS/system32/calc.exeMisc Bug: |/bin/sh|Misc Bug: `/bin/sh`Misc Bug: %0xaMisc Bug: %u000Misc Bug: `~@#$Misc Bug: %^&*()Misc Bug: -=_+Misc Bug: []{}Misc Bug: |;\':Misc Bug: ,./<>Misc Bug: \nMisc Bug: \n\nContinueSwitching ProtocolsOKCreatedAcceptedNon-Authoritative InformationNo ContentReset ContentPartial ContentMultiple ChoicesMoved PermanentlyFoundSee OtherNot ModifiedUse ProxyTemporary RedirectBad RequestUnauthorizedForbiddenNot FoundMethod Not AllowedNot AcceptableProxy Authentication RequiredRequest TimeoutConflictGoneLength RequiredPrecondition FailedRequest Entity Too LargeRequest-URI Too LongUnsupported Media TypeRequest Range Not SatisfiableExpectation FailedInternal Server ErrorNot ImplementedBad GatewayService UnavailableGateway TimeoutHTTP Version Not SupportedAccept-RangesAgeAllowCache-ControlComplianceConnectionContent-EncodingContent-LanguageContent-LengthContent-LocationContent-MD5Content-RangeContent-TypeDateETagExpiresIf-RangeLast-ModifiedLocationNon-CompliancePragmaProxy-AuthenticateRetry-AfterServerTrailerTransfer-EncodingUpgradeVaryViaWarningWWW-AuthenticateAcceptAccept-CharsetAccept-EncodingAccept-LanguageAuthorizationExpectFromHostIf-MatchIf-Modified-SinceIf-None-MatchIf-Unmodified-SinceMax-ForwardsProxy-AuthorizationRangeRefererTEUser-AgentOPTIONSGETHEADPOSTPUTDELETETRACECONNECTrealm"Hzzp"\"Hzzp\"domainnonce"w00tw00tw00tw00tw00tw00tw00tw00t"\"w00tw00tw00tw00tw00tw00tw00tw00t\"opaquestale"false"\"false\"algorithm"MD5"\"MD5\"qop"auth"\"auth\"username"w00t"\"w00t\"uriresponse"wt00wt00wt00wt00wt00wt00wt00wt00"\"wt00wt00wt00wt00wt00wt00wt00wt00\"cnonce"t00wt00wt00wt00wt00wt00wt00wt00w"\"t00wt00wt00wt00wt00wt00wt00wt00w\"nc"12344321"\"12344321\"Fuzzing ProtocolFuzzing Protocol VersionFuzzing Status CodeFuzzing Status PhraseFuzzing Response HeadersFuzzing Response Header FieldsFuzzing Basic AuthenticationFuzzing Digest AuthenticationFuzzing MethodFuzzing RequestFuzzing Request PortFuzzing Request HeadersFuzzing Request Header FieldsFuzzing Query ParametersExploit Generation ********** [%s] ********** Krakow Labs Development -> Hzzp ********** [%s] ********** Mode: %s INFO: Hzzp -> CLIENT MODE INITALIZING...VERBOSE: Creating Socket... hzzp_error: socket()hzzp_error: setsockopt()SUCCESS VERBOSE: Binding to PORT %d... hzzp_error: bind(%d) SUCCESS VERBOSE: Listening on Socket... hzzp_error: listen()SUCCESSINFO: Hzzp -> Waiting for Connections...%shzzp_error: accept()hzzp_error: getpeername()INFO: Hzzp -> FINISHED!VERBOSE: [%d] Client %s connected --> Fuzzing Protocol: (%s) VERBOSE: [%d] Client %s connected --> Fuzzing Protocol: (CFD: %s [%d bytes]) VERBOSE: [%d] Client %s connected --> Fuzzing Protocol Version: (%s) VERBOSE: [%d] Client %s connected --> Fuzzing Protocol Version: (CFD: %s [%d bytes]) VERBOSE: [%d] Client %s connected --> Fuzzing Status Code: (%s) VERBOSE: [%d] Client %s connected --> Fuzzing Status Code: (CFD: %s [%d bytes]) VERBOSE: [%d] Client %s connected --> Fuzzing Status Phrase: (%s) VERBOSE: [%d] Client %s connected --> Fuzzing Status Phrase: (CFD: %s [%d bytes]) VERBOSE: [%d] Client %s connected --> Fuzzing Response Headers: (%s) VERBOSE: [%d] Client %s connected --> Fuzzing Response Headers: (CFD: %s [%d bytes]) VERBOSE: [%d] Client %s connected --> Fuzzing [%d/%s] Response Header Fields: (%s + %s) VERBOSE: [%d] Client %s connected --> Fuzzing [%d/%s] Response Header Fields: (%s + CFD: %s [%d bytes]) VERBOSE: [%d] Client %s connected --> Fuzzing [%d/%s] Response Header Fields: (CHD: %s [%d bytes] + %s) VERBOSE: [%d] Client %s connected --> Fuzzing [%d/%s] Response Header Fields: (CHD: %s [%d bytes] + CFD: %s [%d bytes]) VERBOSE: [%d] Client %s connected --> Fuzzing Basic Client Authentication: (%s) VERBOSE: [%d] Client %s connected --> Fuzzing Basic Client Authentication: (CFD: %s [%d bytes]) VERBOSE: [%d] Client %s connected --> Fuzzing Digest Client Authentication: (%s + %s) VERBOSE: [%d] Client %s connected --> Fuzzing Digest Client Authentication: (%s + CFD: %s [%d bytes]) DEBUG: cnt = %d, fzn = %d, hdn = %d, sc = %d, dir = %d INFO: Hzzp -> SERVER MODE INITALIZING...hzzp_error: gethostbyname(%s) SUCCESS VERBOSE: Connecting to %s:%d... hzzp_error: connect(%s:%d) ALERT: ***** Hzzp might have found a bug! ***** INFO: Hzzp -> Fuzzing Target...VERBOSE: [%d] Target @ [%s]:%d --> Fuzzing Method: (%s) VERBOSE: [%d] Target @ [%s]:%d --> Fuzzing Method: (CFD: %s [%d bytes]) VERBOSE: [%d] Target @ [%s]:%d --> Fuzzing Request: (%s) VERBOSE: [%d] Target @ [%s]:%d --> Fuzzing Request: (CFD: %s [%d bytes]) VERBOSE: [%d] Target @ [%s]:%d --> Fuzzing Request Port: (%s) VERBOSE: [%d] Target @ [%s]:%d --> Fuzzing Request Port: (CFD: %s [%d bytes]) VERBOSE: [%d] Target @ [%s]:%d --> Fuzzing Protocol: (%s) VERBOSE: [%d] Target @ [%s]:%d --> Fuzzing Protocol: (CFD: %s [%d bytes]) VERBOSE: [%d] Target @ [%s]:%d --> Fuzzing Protocol Version: (%s) VERBOSE: [%d] Target @ [%s]:%d --> Fuzzing Protocol Version: (CFD: %s [%d bytes]) VERBOSE: [%d] Target @ [%s]:%d --> Fuzzing Request Headers: (%s) VERBOSE: [%d] Target @ [%s]:%d --> Fuzzing Request Headers: (CFD: %s [%d bytes]) VERBOSE: [%d] Target @ [%s]:%d --> Request Header Fields: (%s + %s) VERBOSE: [%d] Target @ [%s]:%d --> Request Header Fields: (%s + CFD: %s [%d bytes]) VERBOSE: [%d] Target @ [%s]:%d --> Request Header Fields: (CHD: %s [%d bytes] + %s) VERBOSE: [%d] Target @ [%s]:%d --> Request Header Fields: (CHD: %s [%d bytes] + CFD: %s [%d bytes]) VERBOSE: [%d] Target @ [%s]:%d --> Fuzzing Basic Server Authentication: (%s) VERBOSE: [%d] Target @ [%s]:%d --> Fuzzing Basic Server Authentication: (CFD: %s [%d bytes]) VERBOSE: [%d] Target @ [%s]:%d --> Fuzzing Digest Server Authentication: (%s + %s) VERBOSE: [%d] Target @ [%s]:%d --> Fuzzing Digest Server Authentication: (%s + CFD: %s [%d bytes]) VERBOSE: [%d] Target @ [%s]:%d --> Query Fuzzing: (%s + %s) VERBOSE: [%d] Target @ [%s]:%d --> Query Fuzzing: (%s + CFD: %s [%d bytes]) DEBUG: cnt = %d, fzn = %d, hdn = %d, mthd = %s, dir = %d DEBUG: len = %d %s/1.1 %d %sHTTP/%s %d %sHTTP/1.1%s %s %s%s %d %s %s%s %d %s: Hzzp %s%s %d %s: %s %s%s %d %s %s: Basic realm="%s" %s%s %d %s %s: Digest %s="%s", %s="%s", %s=%s, %s=%s, %s=%s, %s=%s, %s=%s %s%s %d %s %s: Digest %s=%s, %s="%s", %s=%s, %s=%s, %s=%s, %s=%s, %s=%s %s%s %d %s %s: Digest %s=%s, %s="%s", %s="%s", %s=%s, %s=%s, %s=%s, %s=%s %s%s %d %s %s: Digest %s=%s, %s="%s", %s=%s, %s="%s", %s=%s, %s=%s, %s=%s %s%s %d %s %s: Digest %s=%s, %s="%s", %s=%s, %s=%s, %s="%s", %s=%s, %s=%s %s%s %d %s %s: Digest %s=%s, %s="%s", %s=%s, %s=%s, %s=%s, %s="%s", %s=%s %s%s %d %s %s: Digest %s=%s, %s="%s", %s=%s, %s=%s, %s=%s, %s=%s, %s="%s" %s/DEBUG: len = %d, method = %s %s %s:%d %s Host: %s:%d %s %s:%s %s Host: %s:%d %s %s:%d %s/1.1 Host: %s:%d %s %s:%d HTTP/%s Host: %s:%d %s * %s Host: %s:%d %s %s %s Host: %s:%d %s * %s/1.1 Host: %s:%d %s * HTTP/%s Host: %s:%d %s / %s %s /%s %s %s / %s/1.1 %s / HTTP/%s %s / %s %s: Hzzp %s / %s %s: %s %s %s %s Host: %s:%d %s: Basic %s %s %s %s Host: %s:%d %s: Digest %s="%s", %s=%s, %s=%s, %s="%s", %s=%s, %s=%s, %s=%s, %s=%s, %s=%s, %s=%s %s %s %s Host: %s:%d %s: Digest %s=%s, %s="%s", %s=%s, %s="%s", %s=%s, %s=%s, %s=%s, %s=%s, %s=%s, %s=%s %s %s %s Host: %s:%d %s: Digest %s=%s, %s=%s, %s="%s", %s="%s", %s=%s, %s=%s, %s=%s, %s=%s, %s=%s, %s=%s %s %s %s Host: %s:%d %s: Digest %s=%s, %s=%s, %s=%s, %s="%s", %s=%s, %s=%s, %s=%s, %s=%s, %s=%s, %s=%s %s %s %s Host: %s:%d %s: Digest %s=%s, %s=%s, %s=%s, %s="%s", %s="%s", %s=%s, %s=%s, %s=%s, %s=%s, %s=%s %s %s %s Host: %s:%d %s: Digest %s=%s, %s=%s, %s=%s, %s="%s", %s=%s, %s="%s", %s=%s, %s=%s, %s=%s, %s=%s %s %s %s Host: %s:%d %s: Digest %s=%s, %s=%s, %s=%s, %s="%s", %s=%s, %s=%s, %s="%s", %s=%s, %s=%s, %s=%s %s %s %s Host: %s:%d %s: Digest %s=%s, %s=%s, %s=%s, %s="%s", %s=%s, %s=%s, %s=%s, %s="%s", %s=%s, %s=%s %s %s %s Host: %s:%d %s: Digest %s=%s, %s=%s, %s=%s, %s="%s", %s=%s, %s=%s, %s=%s, %s=%s, %s="%s", %s=%s %s %s %s Host: %s:%d %s: Digest %s=%s, %s=%s, %s=%s, %s="%s", %s=%s, %s=%s, %s=%s, %s=%s, %s=%s, %s="%s" %s %s%s%s%s%s HTTP/1.1 Host: %s ahzzp_error: fopen(%s) Hzzp might have found a bug! Host: %s [%s] -> Port %d Basic Authentication [Protected Path: %s] Digest Authentication [Directive: %s] [Protected Path: %s] Query Fuzzing [%s "%s" %s] Method: %s Header: "%s" Fuzzing Data: "%s" Custom Fuzzing Data: %s [%d bytes] Custom Header Data: %s [%d bytes] INFO: Hzzp -> Details logged in %s INFO: Generating Exploit... w#!/usr/bin/perl %s # %s use IO::Socket; $port = %d; $payload = "$target = "%s"; $port = %d; %s/1.1 %dHTTP/%s %d%s %s%s %d %s%s %d\r\n%s: Hzzp%s %d\r\n%s: %s%s %d %s\r\n%s: Basic realm=\"%s\"%s %d %s\r\n%s: Digest %s=\"%s\", %s=\"%s\", %s=%s, %s=%s, %s=%s, %s=%s, %s=%s\"%s %d %s\r\n%s: Digest %s=%s, %s=\"%s\", %s=%s, %s=%s, %s=%s, %s=%s, %s=%s\"%s %d %s\r\n%s: Digest %s=%s, %s=\"%s\", %s=\"%s\", %s=%s, %s=%s, %s=%s, %s=%s%s %d %s\r\n%s: Digest %s=%s, %s=\"%s\", %s=%s, %s=\"%s\", %s=%s, %s=%s, %s=%s%s %d %s\r\n%s: Digest %s=%s, %s=\"%s\", %s=%s, %s=%s, %s=\"%s\", %s=%s, %s=%s%s %d %s\r\n%s: Digest %s=%s, %s=\"%s\", %s=%s, %s=%s, %s=%s, %s=\"%s\", %s=%s%s %d %s\r\n%s: Digest %s=%s, %s=\"%s\", %s=%s, %s=%s, %s=%s, %s=%s, %s=\"%s\"%s $target:$port %s\r\nHost: $target:$port%s %s:$port %s\r\nHost: $target:$port%s $target:%s %s\r\nHost: $target:$port%s $target:$port %s/1.1\r\nHost: $target:$port%s $target:$port HTTP/%s\r\nHost: $target:$port%s * %s\r\nHost: $target:$port%s %s %s\r\nHost: $target:$port%s * %s/1.1\r\nHost: $target:$port%s * HTTP/%s\r\nHost: $target:$port%s /Hzzp %s%s /%s %s%s /Hzzp %s/1.1%s /Hzzp HTTP/%s%s / %s\r\n%s: Hzzp%s / %s%s: Hzzp%s / %s\r\n%s: %s%s %s %s\r\nHost: $target:$port\r\n%s: Basic %s%s %s %s\r\nHost: $target:$port\r\n%s: Digest %s=\"%s\", %s=%s, %s=%s, %s=\"%s\", %s=%s, %s=%s, %s=%s, %s=%s, %s=%s, %s=%s%s %s %s\r\nHost: $target:$port\r\n%s: Digest %s=%s, %s=\"%s\", %s=%s, %s=\"%s\", %s=%s, %s=%s, %s=%s, %s=%s, %s=%s, %s=%s%s %s %s\r\nHost: $target:$port\r\n%s: Digest %s=%s, %s=%s, %s=\"%s\", %s=\"%s\", %s=%s, %s=%s, %s=%s, %s=%s, %s=%s, %s=%s%s %s %s\r\nHost: $target:$port\r\n%s: Digest %s=%s, %s=%s, %s=%s, %s=\"%s\", %s=%s, %s=%s, %s=%s, %s=%s, %s=%s, %s=%s%s %s %s\r\nHost: $target:$port\r\n%s: Digest %s=%s, %s=%s, %s=%s, %s=\"%s\", %s=\"%s\", %s=%s, %s=%s, %s=%s, %s=%s, %s=%s%s %s %s\r\nHost: $target:$port\r\n%s: Digest %s=%s, %s=%s, %s=%s, %s=\"%s\", %s=%s, %s=\"%s\", %s=%s, %s=%s, %s=%s, %s=%s%s %s %s\r\nHost: $target:$port\r\n%s: Digest %s=%s, %s=%s, %s=%s, %s=\"%s\", %s=%s, %s=%s, %s=\"%s\", %s=%s, %s=%s, %s=%s%s %s %s\r\nHost: $target:$port\r\n%s: Digest %s=%s, %s=%s, %s=%s, %s=\"%s\", %s=%s, %s=%s, %s=%s, %s=\"%s\", %s=%s, %s=%s%s %s %s\r\nHost: $target:$port\r\n%s: Digest %s=%s, %s=%s, %s=%s, %s=\"%s\", %s=%s, %s=%s, %s=%s, %s=%s, %s=\"%s\", %s=%s%s %s %s\r\nHost: $target:$port\r\n%s: Digest %s=%s, %s=%s, %s=%s, %s=\"%s\", %s=%s, %s=%s, %s=%s, %s=%s, %s=%s, %s=\"%s\"\r\n\r\n"; $serv = IO::Socket::INET->new(Proto=>'tcp', LocalPort=>$port, Listen=>1) or die "Error: listen($port)\n"; $cli = $serv->accept() or die "Error: accept()\n"; $cli->recv($buf, 512); $cli->send($payload); close($cli); close($serv);$sock = IO::Socket::INET->new(Proto=>'tcp', PeerHost=>$target, PeerPort=>$port) or die "Error: $target:$port\n"; $sock->send($payload); close($sock);INFO: Generation Successful! --> %s Fuzzing Oracle [%d] %s HTTP Response Headers (including gen/ent) HTTP Request Headers (including gen/ent) HTTP Digest Directives (Client Fuzzing) HTTP Digest Directives (Server Fuzzing) HTTP Methods HTTP Status Codes [%d] %d -> %s  p hoPЂ V o P8ooo oƈֈ&6FVfvƉ։&6FVfvƊ֊# Krakow Labs Development [www.krakowlabs.com] # Exploit Generated by Hzzp%n%n%n%n%n%p%p%p%p%p%s%s%s%s%s%d%d%d%d%d%x%x%x%x%x%s%p%x%d%.1024d%.1025d%.2048d%.2049d%.4096d%.4097d%99999999999s%08x%%20n%%20p%%20s%%20d%%20x%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%0-01-132767-327686553565536655371677721516777216167772172147483647-21474836472147483648-2147483648429496729442949672954294967296357913942-357913942536870912-5368709125e-3241.79769313486231E+3083.39519326559384E-3130xffff0xfffffff0xffffffff0xfffffffe0x3fffffff0x7fffffff0x7ffffffe0x1000x10000x100000x1000000x80000000-2684354550x9999999999999999999-99999999999test|touch /tmp/FU_ZZ_ED|testtest`touch /tmp/FU_ZZ_ED`testtest'touch /tmp/FU_ZZ_ED'testtest;touch /tmp/FU_ZZ_ED;testtest&&touch /tmp/FU_ZZ_ED&&testtest|C:/WINDOWS/system32/calc.exe|testtest`C:/WINDOWS/system32/calc.exe`testtest'C:/WINDOWS/system32/calc.exe'testtest;C:/WINDOWS/system32/calc.exe;testC:/WINDOWS/system32/calc.exe|/bin/sh|`/bin/sh`%0xa%u000`~@#$%^&*()-=_+[]{}|;\':,./<> LML_LrLLLLLLLLL& q<qR!qh,q~7qBqKqSq[qcqkqsq5{qLqiq}qqqqqr8rBrMrW rbrprr$r*r3rKrakow Labs Development - Hzzp

Hzzp :)

d e       !,!-&!.8!/>!0H!1U!3_!r!~!!!!!!!!!! "!":"O"f""""""""### #.#9#D#U#f#u#############$$$#$5$=$B$F$N$_$f$u$$#$ #.#9#D#U#f#u#####$#$$$$$#$#$##$%% %$#$5$#%B$F$.%6%:%?%D%H%O%U%]%c%j%s%z%%%%%%%%%%%%&& &&&$&]%c%j%z%%%-&1&<&`&%%%&&&%%%&& &&&&GCC: (Ubuntu 4.3.2-1ubuntu12) 4.3.2GCC: (Ubuntu 4.3.2-1ubuntu12) 4.3.2GCC: (Ubuntu 4.3.2-1ubuntu12) 4.3.2GCC: (Ubuntu 4.3.2-1ubuntu12) 4.3.2GCC: (Ubuntu 4.3.2-1ubuntu12) 4.3.2GCC: (Ubuntu 4.3.2-1ubuntu12) 4.3.2GCC: (Ubuntu 4.3.2-1ubuntu12) 4.3.2GCC: (Ubuntu 4.3.2-1ubuntu12) 4.3.2$p"$24!u_IO_stdin_usedO B=int8)<OK'/build/buildd/glibc-2.8~20080505/build-tree/i386-libc/csu/crti.S/build/buildd/glibc-2.8~20080505/build-tree/glibc-20080505/csuGNU AS 2.18.93p] /tmp/ccPssJzP.s/build/buildd/glibc-2.8~20080505/build-tree/glibc-20080505/csuGNU AS 2.18.93% $ > $ > $ > 4: ; I?  &IU%U%# init.cx /build/buildd/glibc-2.8~20080505/build-tree/i386-libc/csu../sysdeps/genericcrti.Sinitfini.cp!/!=Z!gg//!/!=Z!P& /tmpccPssJzP.s!!!4-!!!GNU C 4.3.2short unsigned intshort int_IO_stdin_usedlong long unsigned int/build/buildd/glibc-2.8~20080505/build-tree/glibc-20080505/csuunsigned charinit.clong long intp/48.symtab.strtab.shstrtab.interp.note.ABI-tag.gnu.hash.dynsym.dynstr.gnu.version.gnu.version_r.rel.dyn.rel.plt.init.text.fini.rodata.eh_frame.ctors.dtors.jcr.dynamic.got.got.plt.data.bss.comment.debug_aranges.debug_pubnames.debug_info.debug_abbrev.debug_line.debug_str.debug_ranges44#HH 5hh<1o,; ЂCPPVKoPXo@g 88p PP  ypp0tP ,88>P o oo o oop | (P%5oJ. 0x+0@p9L#7 \z4HhЂP8 P p   8P ooo ooop|  o,o:oG  ]|l|z oPo o o o  op 0s6 A9sGZ!q _Ws e w3r }  uu r |t@@t'rt'c qu  3o *81\r 7.s =cqCr I@N ]ms{ XuX  z|rSqqxs r @ &r s& 8Pr >O,q T*r ZNs `xhpuo a < ms    a r upt'u#s {q# (~r .@qFNu M[qR rWiY! tr z$r q r@y8p7q FsEr   oZ iu%) 2h6Fz  Ur[sas gu'm~pK`{sr s |sqr   |x Du 'r,q2CcuJr Pg ^o$4srxq }sBq