Sunday, 14 May 2023

Simple Universal Fortigate Fuzzer

Today we'll finish the topic started a few months ago: Simple Universal Fortigate Fuzzer. Below you'll find the details about it. Here we go...

This time we'll start here:


During the previous part of this small research we talked about:

- connecting to Fortigate machine

- possible initial access

- using Mutiny against the target VMs

- some basic manual testing.


My (let's say "initial") idea was to:

- prepare a Python client to connect to the target machine

- prepare a set of commands (one-liners or "multi-liners"; see tree in FG CLI docs)

- mutate our 'commands' with some example payload (like AAAABBBBCCCCDDDD...)

- send given command(s)

- collect bugs (aka. read web/CLI logs to catch the crash).

 

So far we are able to:
- connect to the target FG
- send our 'payload-command'.

 

To continue, I used the skeleton-poc file presented in the last post. Since I decided that the 'commands to send' would be read from an input file, the next step was to find them. To do that you can use the documentation and the 'tree' command mentioned before. You can also dump the whole config and parse it into separate "commands-input files".
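
One way to do that parsing step, as an added example (not the script from this post): it splits a dumped config into top-level `config ... end` blocks and emits one input case per `set` line, with the value replaced by an A/B payload. The sample dump and all function names are constructed for illustration.

```python
# SAMPLE_DUMP is constructed for illustration, not taken from a real device.
SAMPLE_DUMP = """\
# constructed sample
config system global
    set hostname "FGT-LAB"
    set admintimeout 30
end
config system interface
    edit "port1"
        set alias "lan"
        config ipv6
            set ip6-mode static
        end
    next
end
"""


def make_payload(length):
    """Build the A/B-letter payload: first half 'A', second half 'B'."""
    half = length // 2
    return "A" * half + "B" * (length - half)


def split_blocks(dump):
    """Split a dump into top-level 'config ... end' blocks (lists of lines)."""
    blocks, current, depth = [], [], 0
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and header comments
        if line.startswith("config "):
            depth += 1  # nested 'config' sections stay inside their parent
        if depth:
            current.append(line)
        if line == "end" and depth:
            depth -= 1
            if depth == 0:  # top-level block closed
                blocks.append(current)
                current = []
    return blocks


def mutate_block(block, payload):
    """Yield one multi-line command per 'set' line, with its value replaced."""
    for i, line in enumerate(block):
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0] == "set":
            case = list(block)
            case[i] = f'set {parts[1]} "{payload}"'
            yield "\n".join(case)
```

Each string yielded by `mutate_block` keeps the surrounding `config`/`edit`/`next`/`end` lines, so it can be written to an input file as one complete multi-line command.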

Special thanks go to Reykez who fixed the issue with the iteration! ;)

So far - we should be somewhere here:

For our "simple universal" fuzzing scenario as a 'payload' we'll use multiple A and B letters. When our commands in input files are ready - we can continue our tests like this:


If everything works fine - after a while we should get the first results (to check via web panel -> logs).

For example:


At this stage it should be pretty easy to continue your own tests in your LAB/environment:

Maybe you'll find it useful.

 

See you next time!

 

Cheers

 


 

 
