Wireshark output file - any uber wireshark users?

**ivrytwr3** · 27th March 2014

"Fuzz testing or fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks. Fuzzing is commonly used to test for security problems in software or computer systems."

"SQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execut1on (e.g. to dump the database contents to the attacker).^[1] SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database."

As the text appears random and is being inputted against logins, p/w, email addys etc; do you think this could be a fuzzing test / SQL injection?

I haven't seen "&doEditUser=Add+User+Data" before - so not sure what this means!

**Over Carl** · 27th March 2014

Quite possibly could be SQL injection, dunno enough to say if it is or isn't tbh.

**ivrytwr3** · 27th March 2014

lol - i don't either! We have been told not to be 'wooly' with our answers, yet we will be marked down for factual errors; bah!!! It looks like a possible SQL injection, but i am not sure

**ivrytwr3** · 9th May 2014

Feedback is in and overall 'very good', however, from the tutor:

I am also looking for the following:

a. comment on the structure of the internal network

b. comment on the external sources accessing the internal network

c. comment on the resources that are being accessed.

Carl?! Help?!

ETA: Just tried to upgrade to VIP, to give something back to the site for all your help, but the link the VIP link takes me to the homepage?

**Goldberg** · 16th May 2014

Just had to start using this at work along with tcpdump. Great tool and it really helps with the security testing that they have assigned me.

I am no doubt going to have some questions soon. I did post one recently about tcpdump but the answer was looking at me square in the face!

**ivrytwr3** · 28th May 2014

Another 2 modules down and the results are in; very happy!

Thanks for your help and advice everyone, but be warned the next 2 modules have already started and i will be back here again with my requests for help and my tales of woe!!