Tuesday 24 February 2015

[EN] Fun with American Fu(n)zzy Lop

Over the last few days I was doing a little research on 'how this crazy afl works'.  ;)
"American Fuzzy Lop" is an excellent tool created by lcamtuf.

Now is a good moment to check the documentation of 'afl' if you want
some nice details about using it.



My main note for "starting" with afl is:
'hangs' can sometimes also point to a potential vulnerability.
Let me show you something. I wrote a simple program with a vulnerable strcpy() to
see how afl would handle a 'sample' like this.

What I found was... after a few minutes I saw the first 'hang':


... after another few minutes I found more and more 'examples' of hangs.
I thought it was a timeout or something like that... To check it, I wrote
an "extremely advanced" bash script ;) to 'automate the process of checking hangs'.

So... we will run the script and check the results:



Next step? Maybe 'ulimit':


And maybe some gdb now:
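The screenshots of the post's own script are not reproduced here, so below is an added, hypothetical POSIX shell script (not the author's code) that does what the three steps above describe: replay every file from afl's hangs directory against the target under a wall-clock limit, with core dumps enabled via ulimit -c unlimited, classify each case by how the target ends, and print a ready-made gdb command for the ones that actually die with a signal. afl files a case under hangs whenever the target exceeds its -t timeout, so an input that smashes the stack and sends the program into a very long loop, or one that is merely slow under instrumentation, lands there instead of under crashes; replaying outside afl sorts the two apart. The script assumes the target takes the input file as its first argument (the way afl's @@ placeholder passes it). The demo_setup function builds a constructed stand-in target and three constructed "hang" inputs so the script can be tried offline.

```shell
#!/bin/sh
# Hypothetical hang-triage script (added example; not the post's own script).
# Replays every file in an afl 'hangs' directory against the target under a
# wall-clock limit, with core dumps enabled, and classifies each case by the
# target's exit status:
#   124           -> killed by timeout: a genuine hang
#   128 + signal  -> the "hang" actually dies with a signal (139 = SIGSEGV,
#                    134 = SIGABRT): worth a closer look in gdb
#   anything else -> the target finishes; a slow path, or an afl timeout
#                    that was set too tight
# Assumption: the target takes the input file as its first argument (the
# way afl's @@ placeholder passes it).

# classify_hang TARGET INPUT [SECONDS]: prints hang | crash:<signum> | ok:<status>
classify_hang() {
    target=$1; input=$2; limit=${3:-5}
    # The subshell keeps 'ulimit -c unlimited' scoped to this one run, so a
    # crashing case leaves a core file for gdb. Running the command as an
    # 'if' condition keeps a non-zero status from tripping 'set -e'.
    if ( ulimit -c unlimited 2>/dev/null || true
         timeout "$limit" "$target" "$input" >/dev/null 2>&1 ); then
        status=0
    else
        status=$?
    fi
    if [ "$status" -eq 124 ]; then
        echo hang
    elif [ "$status" -gt 128 ]; then
        echo "crash:$((status - 128))"
    else
        echo "ok:$status"
    fi
}

# triage_hangs TARGET HANGDIR [SECONDS]: one "<verdict> <file>" line per
# case, plus a ready-to-paste gdb command for every case that dies with a
# signal (run it, then print the backtrace).
triage_hangs() {
    target=$1; dir=$2; limit=${3:-5}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        verdict=$(classify_hang "$target" "$f" "$limit")
        echo "$verdict $f"
        case $verdict in
            crash:*) echo "    gdb -q -batch -ex run -ex bt --args $target $f" ;;
        esac
    done
}

# count_verdicts TARGET HANGDIR [SECONDS]: prints "hangs=N crashes=M ok=K"
count_verdicts() {
    target=$1; dir=$2; limit=${3:-5}
    hangs=0; crashes=0; ok=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $(classify_hang "$target" "$f" "$limit") in
            hang)    hangs=$((hangs + 1)) ;;
            crash:*) crashes=$((crashes + 1)) ;;
            *)       ok=$((ok + 1)) ;;
        esac
    done
    echo "hangs=$hangs crashes=$crashes ok=$ok"
}

# demo_setup: builds a constructed stand-in for the fuzzed binary plus three
# constructed "hang" inputs in a temporary directory and prints that directory.
# The stand-in sleeps on an input containing SLEEP (a real hang), kills itself
# with SIGSEGV on one containing SEGV (a crash hiding among the hangs), and
# exits cleanly otherwise.
demo_setup() {
    dir=$(mktemp -d)
    mkdir "$dir/hangs"
    cat >"$dir/target" <<'EOF'
#!/bin/sh
grep -q SLEEP "$1" && sleep 60
grep -q SEGV "$1" && kill -s SEGV $$
exit 0
EOF
    chmod +x "$dir/target"
    printf 'SLEEP\n' >"$dir/hangs/id_000000"
    printf 'SEGV\n'  >"$dir/hangs/id_000001"
    printf 'fine\n'  >"$dir/hangs/id_000002"
    echo "$dir"
}

# Usage: ./triage.sh /path/to/target /path/to/afl_out/hangs [seconds]
if [ $# -ge 2 ]; then
    triage_hangs "$@"
fi
```

Pick the per-case limit well above afl's -t value: anything that still does not finish is a real hang, while a case that segfaults the moment it is replayed without afl's instrumentation overhead was a crash all along, and the printed gdb line gets you straight to the backtrace.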





... and now, maybe it's your turn to run afl on your own code? ;)

Happy hunting!

o/






