Complete the following steps to fuzz a machine??™s
ActiveX controls using axenum and axfuzz:
1. Download axenum and axfuzz from SourceForge at http://sourceforge
.net/project/show?¬? les.php?group_id=122654&package_id=133918&release_
id=307910.
2. After unzipping the ?¬? le, execute axenum.exe on the command line, which
will enumerate all CLSIDs (ActiveX objects) that are marked as safe. Using
the following ?¬‚ ags will dump all CLSIDs marked as safe into safe.txt, which is
what we are most interested in, and all CLSID in general into logclsid.txt. See
Figure 8-8.
c:\axenum >safe.txt 2>logclsid.txt
Figure 8-7 ActiveX testing results from SecurityQA Toolbar
216 Hacking Exposed Web 2.0
3. Once CLSIDs that are marked as safe have been enumerated, axfuzz can be
used to fuzz the ActiveX control. Ensure that you selected CLSIDs that have
methods and properties associated with them (items that have something listed
after Category: Safe for Scripting/Initialising. For example, using the ?¬? rst CLSIDs
shown in Figure 8-8 as safe, the following command can be used to fuzz the
control:
c:\axfuzz 1000 {1C82EAD9-508E-11D1-8DCF-00C04FB951F9}
4. During the process, axfuzz will ask you to execute the fuzzing once it has all
the properties and methods set.
Pages:
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384