BOVSTT
Program to detect stack-based buffer-overflow vulnerabilities, remote or local, using the
standard communication protocol of each service.
The application lets you customize the testing mechanism of each service through templates. These
templates are plain text files that accept a set of special words (see the STF Files section). They
are stored in the folder with a direct association between the protocol and the template, and carry
the extension STF (Service Tester File).
Currently, version 2.5 of the application supports the FTP, IMAP, POP3 and SMTP protocols.
To carry out this task, the application accepts several types of parameters.
Parameters
Application Layer Protocol
Description: Specifies the type of protocol to be tested.
Required: Yes
Options: -ap --application-layer-protocol <protocol>
Accepted values: FTP, POP3 or SMTP
Target Hostname IP
Description: Specifies the host / IP address to be tested.
Required: Yes
Options: -th --target-hostname-ip <hostname>
Accepted values: Any valid host / IP address.
Target Port
Description: Specifies the destination port of the service.
Required: No
Options: -tp --target-port <port>
Accepted values: 1 - 65535
If the user does not enter this parameter, the application automatically tries to connect to the default
destination port for the service and the type of encryption.
For example, for the POP3 service with SSL encryption the default port would be 995.
Cryptographic Security Protocol
Description: Specifies the type of service encryption.
Required: No
Options: -cp --cryptographic-security-protocol <crypt protocol>
Accepted values: SSL, TLS
Note: No support yet.
Login Username
Description: Specifies the user of the credentials.
Required: No
Options: -lu --login-username <username>
Accepted values: Alphanumeric value.
This parameter customizes the authentication mechanism of the protocol.
The application starts user / password authentication as soon as it reads the
#AUTH macro in the STF file associated with the protocol. If user / password authentication fails,
the program cancels its execution.
Every time the application reads the keyword <login-username> inside the STF file, it replaces it with the
value of this parameter.
Login Password
Description: Specifies the password of the credentials.
Required: No
Options: -lp --login-password <password>
Accepted values: Alphanumeric value.
This parameter customizes the authentication mechanism of the protocol.
Every time the application reads the keyword <login-password> inside the STF file, it replaces it with the
value of this parameter.
Buffer Size Length
Description: Specifies the buffer size.
Required: No
Options: -bs --buffer-size-length <size>
Accepted values: Numeric value greater than 0.
Default value: 1024
This parameter customizes the size of the buffer to send.
Every time the application reads the keyword <buffer> inside the STF file, it replaces it with the expression
{ --buffer-character } * { --buffer-size-length }, in this case for example A*1024.
Buffer Character
Description: Specifies the buffer character.
Required: No
Options: -bc --buffer-character <character>
Accepted values: Alphanumeric value.
Default value: ‘A’
Output Verbose
Description: Specifies whether the user wants to obtain more information during the negotiation process
with the remote host.
Required: No
Options: -ov --output-verbose
Accepted values: none
Credits
Description: View the author of the program.
Required: No
Options: -c --credits
Alone: Yes, cannot be combined with another parameter.
Version
Description: View the version of the program.
Required: No
Options: -v --version
Alone: Yes, cannot be combined with another parameter.
STF Files
STF files can be thought of as templates. They are plain text files that accept a set of
special words. They are stored in the folder with a direct association between the protocol
and the template, and carry the extension STF (Service Tester File).
For example, for the FTP protocol there is an STF file in the folder called FTP.stf, for SMTP there is
an STF file called SMTP.stf, and so on.
Once the connection to the remote host is established, the application opens the corresponding STF
file and reads it line by line until it reaches the end of the file or finds an error.
Each line of the file represents a command to send to the remote host. A line may contain
keywords that are translated at runtime. These keywords are as follows:
- <login-username>: Each time the application finds this tag inside the STF file, it is replaced by
the value of the parameter -lu --login-username entered by the user.
- <login-password>: Each time the application finds this tag inside the STF file, it is replaced by
the value of the parameter -lp --login-password entered by the user.
- <buffer>: Each time the application finds this tag inside the STF file, it is replaced by the
values of the parameters { --buffer-character } * { --buffer-size-length } entered by the user.
- <remote-domain>: Each time the application finds this tag inside the STF file, it is replaced by
the domain value of the parameter -th --target-hostname-ip entered by the user.
These files also accept a series of macros that change the behavior of the testing mechanism. These
macros are as follows:
- #AUTH: Must be entered without further information. It implies that all the lines that follow will
be executed only if the authentication process has succeeded. The authentication process
is automatic, so it is important that the user has entered the username and password as parameters
to the application.
Its use is not obligatory, but applying it makes it possible to send commands to the remote server
that only authenticated users have access to.
- #RETURN <VALUE> : <COMMAND>: The command <COMMAND> is sent only if the last send operation
returned the value <VALUE>; otherwise the test program stops. It can be
considered a conditional command: if the remote host answered its last command with a
certain value, the system continues with the test.
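
The keyword and macro rules above can be checked offline before a template is run against a service. The following is an added example, not code from BOVSTT: a dry-run parser that expands the keywords and reports each line's #AUTH and #RETURN conditions without opening a connection. The function and class names, the sample template, the exact spacing of #RETURN, the rejection of other lines starting with #, and substituting <remote-domain> with the host as given are all assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

TAG_RE = re.compile(r"<(login-username|login-password|buffer|remote-domain)>")
RETURN_RE = re.compile(r"^#RETURN\s+(\S+)\s*:\s*(.+)$")  # spacing is assumed

# Constructed sample template, not one of the project's STF files.
SAMPLE_STF = """\
HELO <remote-domain>
#RETURN 250 : VRFY <buffer>
#AUTH
NOOP
"""

@dataclass
class Step:
    command: str                  # text after keyword substitution
    needs_auth: bool              # True for every line after #AUTH
    expect: Optional[str] = None  # #RETURN value required from the last reply

def parse_stf(text, host, username=None, password=None, buf_char="A", buf_size=1024):
    """Dry-run an STF template: list the steps it describes, open no socket."""
    values = {"login-username": username, "login-password": password,
              "buffer": buf_char * buf_size, "remote-domain": host}
    steps, needs_auth = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line, expect = raw.strip(), None
        if not line:
            continue
        if line == "#AUTH":
            if username is None or password is None:
                raise ValueError(f"line {lineno}: #AUTH needs a username and password")
            needs_auth = True
            continue
        match = RETURN_RE.match(line)
        if match:
            expect, line = match.groups()
        elif line.startswith("#"):
            # Assumption: any other line starting with '#' is a mistyped macro.
            raise ValueError(f"line {lineno}: unknown macro {line.split()[0]}")
        missing = [t for t in TAG_RE.findall(line) if values[t] is None]
        if missing:
            raise ValueError(f"line {lineno}: no value supplied for <{missing[0]}>")
        steps.append(Step(TAG_RE.sub(lambda m: values[m.group(1)], line), needs_auth, expect))
    return steps
```

Calling parse_stf(SAMPLE_STF, "mail.example.test", "alice", "secret", buf_size=8) returns three steps, the last of which is marked as requiring authentication.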