After my last adventures with JunOS bugs I decided to learn more about FreeBSD, the base OS (afaik) for the "Juniper vSRX" I tested in the lab [1, 2]. I decided to start some quick fuzzing of the binaries inside this OS. Below you'll find a few notes about it. Here we go...
This time we'll start here:
As you can see I'm using:
- latest version of AFL
- FreeBSD 12.3-RELEASE
- objdump (2.17.50).
To generate an input file I used python3 (a simple 'print a-long-A...-line to file and run it' one-liner was used here). Next step, running afl-fuzz, like this:
After "a while" (in my case it took ~24h for the first crash) you should be somewhere here:
A few more details:
The final file that triggered this SIGSEGV:
What surprised me: I wasn't the only one who had tested objdump lately ;)
Checking a few other apps available in /usr/(s)bin/, I found another one:
Reading the fantastic manual:
Checking first results:
Preparing more quick-tests:
Reading the bug in gdb:
(grep) hints found in dmesg:
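As an added example (not code from the original post), a small Python helper that does what the steps above describe: it writes the long-line-of-A seed, builds the afl-fuzz command line for objdump (with '@@' standing in for the mutated file), and re-runs every file AFL saved under out/crashes/ to bucket them by the signal that killed the target, so you know which ones are worth opening in gdb. The directory names, seed length and objdump arguments are assumptions.

```python
# Added example: seed generation, afl-fuzz command line and crash bucketing.
# Paths, seed length and the objdump arguments below are assumptions.
import signal
import subprocess
from pathlib import Path


def write_seed(seed_dir, length=4096):
    """Write the seed the post describes: one long line of 'A' characters."""
    seed_dir = Path(seed_dir)
    seed_dir.mkdir(parents=True, exist_ok=True)
    seed = seed_dir / "long_a.bin"
    seed.write_bytes(b"A" * length + b"\n")
    return seed


def afl_cmdline(in_dir, out_dir, target_args, timeout_ms=1000):
    """Build the afl-fuzz invocation; '@@' is where AFL substitutes the mutated file."""
    return ["afl-fuzz", "-i", str(in_dir), "-o", str(out_dir),
            "-t", str(timeout_ms), "--", *target_args]


def run_once(target_args, path, timeout=5):
    """Run the target on one file. Returns the number of the signal that
    killed it, 0 for a clean exit, -1 for a hang."""
    argv = [str(path) if a == "@@" else a for a in target_args]
    try:
        proc = subprocess.run(argv, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return -1
    # On POSIX a negative returncode is the number of the signal that killed the child.
    return -proc.returncode if proc.returncode < 0 else 0


def triage(crash_dir, target_args):
    """Re-run every crash AFL saved (out/crashes/id:*) and bucket by signal name."""
    buckets = {}
    for p in sorted(Path(crash_dir).glob("id:*")):
        sig = run_once(target_args, p)
        if sig > 0:
            name = signal.Signals(sig).name   # e.g. SIGSEGV, SIGBUS, SIGABRT
        else:
            name = "TIMEOUT" if sig < 0 else "CLEAN"
        buckets.setdefault(name, []).append(p.name)
    return buckets


if __name__ == "__main__":
    write_seed("in")
    print(" ".join(afl_cmdline("in", "out", ["objdump", "-d", "@@"])))
    print(triage("out/crashes", ["objdump", "-d", "@@"]))
```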
For now that should be enough to start reading more about FreeBSD and prepare more fuzzing scenarios...
Stay tuned! ;)
Cheers,