Saturday, 22 April 2023

Protocols Mutiny

From time to time I post here some of the bugs I found in the past during my (file format) fuzzing adventures. This time we'll (again) try to focus a bit more on protocol fuzzing scenarios. To continue, we will use the Mutiny Fuzzing Framework. Here we go...

This time we'll start here:

 

For my little lab I (again) used the FreeFloatFTP software (one of the exploitable copies can be found here). My target machine was Windows 7 installed on a virtual machine. I used another VM (Ubuntu 20) as the 'pentester machine'.

Continuing these tests, I grabbed the Mutiny fuzzer and prepared it (on the Ubuntu VM):

The next step was to run Wireshark and set it up to observe only FTP packets (as this is the protocol used by our target_app):


Checking:


If everything works properly, we can now stop the capture in Wireshark and save our communication to a PCAP file:
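
Before the saved capture is turned into a fuzzer file, it is worth confirming that it holds only the FTP control exchange. The following is an added example, not code from the original post or from the Mutiny project: it assumes a classic little-endian pcap (not pcapng) with Ethernet/IPv4 frames, and `build_pcap`, `ftp_client_commands` and the sample session are names and data constructed for illustration.

```python
import struct

FTP_PORT = 21  # FTP control channel, the only traffic the capture should hold

def build_pcap(packets):
    """Constructed sample: classic pcap of (sport, dport, payload) TCP packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sport, dport, payload in packets:
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0,
                         64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def ftp_client_commands(pcap):
    """Return (commands, stray): client-to-server FTP lines in capture order,
    and the count of TCP data packets that do not involve port 21."""
    magic, linktype = struct.unpack_from("<I16xI", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet frames")
    commands, stray, off = [], 0, 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]  # captured length
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP
        tcp_off = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < tcp_off + 20:
            continue  # truncated TCP header
        sport, dport = struct.unpack_from("!HH", frame, tcp_off)
        ip_end = 14 + struct.unpack_from("!H", frame, 16)[0]
        payload = frame[tcp_off + (frame[tcp_off + 12] >> 4) * 4:ip_end]
        if not payload:
            continue  # bare ACK/SYN/FIN carries no command
        if dport == FTP_PORT:
            commands.append(payload.decode("latin-1").rstrip("\r\n"))
        elif sport != FTP_PORT:
            stray += 1
    return commands, stray

# Constructed session (not taken from the capture in this post).
SAMPLE = build_pcap([
    (21, 49152, b"220 FTP ready\r\n"),
    (49152, 21, b"USER anonymous\r\n"),
    (21, 49152, b"331 Password required\r\n"),
    (49152, 21, b"PASS test@example.com\r\n"),
    (49152, 80, b"GET / HTTP/1.1\r\n\r\n"),
])
```

A non-zero stray count means the display filter hid other traffic that was still written to the file, so the capture should be re-exported with only the FTP packets.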

We should be somewhere here:

Continuing RTFM ;) We're landing here:

(If you're indeed fuzzing a Windows-based app, in my opinion it should be a good idea to think about the WinDbg script described in the previous post (mentioned before). A copy of the file can be found here as well if you want to try it with your target_app.)

 

When the fuzzer file is ready to run, we can continue our tests as shown in the screenshot below:

...and after a while...

We should be somewhere here, watching the bug(s) we found in WinDbg:

The log for one of the cases found by Mutiny (and the log from WinDbg) is presented below:

More details (using !exploitable):


So, as you can guess, I did not stop at this point ;) and after the sample test described above I started a few more 'example applications' that I decided "I can try to fuzz". For example:


Or the other one:

 

I believe at this stage you should be able to create your own "mini LABs" and run the Mutiny Fuzzing Framework against your target applications to grab some bugs during the weekend. ;)


Remember to use it only for legal purposes.


(...and to not spoil it too much ;)) 

See you next time!


Cheers


