Ethical Hacking Academy · Lesson

Fuzzing for Crashes

Find the offset.

What Is Fuzzing?

Fuzzing is sending malformed or oversized input to a program to trigger unexpected behavior, especially crashes. A crash often signals a memory corruption bug.

For buffer overflows, the first goal is to make the target crash so we know an overflow exists.

The Workflow

The classic exploitation workflow is:

  • Fuzz to crash the program.
  • Find the exact offset to the return address.
  • Control EIP.
  • Redirect to shellcode.

This lesson covers the first two steps.
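The two steps this lesson covers, fuzzing until a crash and then finding the exact offset to the return address, can be walked through end to end against a simulated target. The following is an added example written for this page; it is not code from the Ethical Hacking Academy lesson. The target (`vulnerable_target`), its assumed stack layout (a 64-byte buffer, a 4-byte saved EBP, then the saved EIP) and the step size of the fuzz loop are all constructed for the example so that it runs offline with no real binary. The cyclic pattern is the familiar Metasploit-style `Aa0Aa1...` sequence, used here only to turn the bytes observed in EIP into a byte offset.

```python
"""Fuzz a simulated target to a crash, then compute the return-address offset.

Added example, not part of the lesson. The target is a pure-Python model of an
unbounded copy into a fixed-size stack buffer; its layout is an assumption made
for this example.
"""
import itertools
import string


class SimulatedCrash(Exception):
    """Raised by the model when input reaches the saved return address."""

    def __init__(self, eip: bytes):
        super().__init__(f"EIP overwritten with {eip!r}")
        self.eip = eip  # the bytes that landed on the saved EIP


# Assumed frame layout of the toy target (constructed for this example):
#   [ 64-byte buffer ][ 4-byte saved EBP ][ 4-byte saved EIP ]
BUFFER_SIZE = 64
SAVED_EBP_SIZE = 4
RET_OFFSET = BUFFER_SIZE + SAVED_EBP_SIZE  # 68 bytes before the saved EIP


def vulnerable_target(data: bytes) -> str:
    """Model of a function that copies `data` into its stack buffer unchecked.

    Input that stays below the saved EIP is accepted. Input that spills onto
    the saved EIP "crashes", and the up-to-4 bytes that landed there are
    reported the way a debugger would show EIP after the function returns.
    """
    if len(data) <= RET_OFFSET:
        return "ok"
    raise SimulatedCrash(data[RET_OFFSET:RET_OFFSET + 4])


def fuzz_until_crash(target, step: int = 100, limit: int = 5000):
    """Step 1: send growing buffers of 'A' until the target crashes.

    Returns the first input length that produced a crash, or None if no crash
    occurred before `limit` bytes.
    """
    for length in range(step, limit + 1, step):
        try:
            target(b"A" * length)
        except SimulatedCrash:
            return length
    return None


def cyclic_pattern(length: int) -> bytes:
    """Metasploit-style pattern 'Aa0Aa1Aa2...' truncated to `length` bytes.

    Consecutive 3-byte groups never repeat within the 20,280-byte period, so a
    4-byte window pulled from EIP pins down where in the input it came from.
    """
    triples = (u + l + d for u in string.ascii_uppercase
               for l in string.ascii_lowercase
               for d in string.digits)
    text = "".join(itertools.islice(triples, (length + 2) // 3))
    return text[:length].encode("ascii")


def eip_from_hex(value: str) -> bytes:
    """Convert a debugger's EIP display (e.g. '0x39654138' on 32-bit x86) back
    into the byte order the bytes had in memory (little-endian)."""
    return int(value, 16).to_bytes(4, "little")


def pattern_offset(pattern: bytes, eip: bytes) -> int:
    """Step 2: locate the bytes observed in EIP inside the pattern that was sent."""
    idx = pattern.find(eip)
    if idx < 0:
        raise ValueError("EIP bytes not found in pattern; the crash may not be "
                         "a straight overwrite of the return address")
    return idx


def find_return_offset(target, crash_length: int) -> int:
    """Resend a cyclic pattern of the crashing length and compute the offset."""
    pattern = cyclic_pattern(crash_length)
    try:
        target(pattern)
    except SimulatedCrash as crash:
        return pattern_offset(pattern, crash.eip)
    raise RuntimeError("pattern of the crash length did not crash the target")


def run_demo(target=vulnerable_target):
    """Run both steps against the target; returns (crash_length, offset)."""
    crash_length = fuzz_until_crash(target)
    if crash_length is None:
        raise RuntimeError("no crash within the fuzzing limit")
    return crash_length, find_return_offset(target, crash_length)


if __name__ == "__main__":
    length, offset = run_demo()
    print(f"first crash at {length} bytes; return address offset = {offset}")
```

Running the script fuzzes in 100-byte steps, so the first crash is reported at 100 bytes, and the cyclic pattern then narrows that to the exact offset of 68 (the 64-byte buffer plus the saved EBP). Against a real 32-bit target the value shown by the debugger is a little-endian integer, which is why `eip_from_hex` reverses the bytes before they are searched for in the pattern.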
