Posts

Showing posts from July, 2018

06 - How to maybe not be so bad at fuzzing, Part 2

06 - Back to the Fuzzing, Part 2
This post will focus more on actual usage of different fuzzers, whereas part one talked about fuzzing from a higher level.  I'll use the widely available vulnserver.exe as the target application for most of the examples, as there are a ton of posts out there that go over exploiting it.  I will also briefly talk about some typical fuzzing use-cases, such as HTTP requests, and how we may employ a fuzzer to assist in testing.  I'm not going to turn the crashes into exploits; that's outside the scope of this post.  I'll just take a more in-depth look at the available tools to expedite the process of locating bugs.
Here's the agenda for tool usage: Python sockets, SPIKE, and boofuzz.  In part one I'll talk about some common ways to implement python sockets, such as raw sockets for a normal client / server model, fuzzing HTTP requests, and maybe a bit more if I don't get lazy half-way.  In part two I will apply SPIKE to the same t…
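As an added example that is not part of the original post, here is the kind of plain Python-socket fuzzer the agenda above refers to: connect, read the banner, send a command with an ever-longer argument, and treat a refused connection, a reset, a timeout or an empty reply as "the target stopped answering". Rather than pointing it at vulnserver.exe (which listens on TCP 9999 by default) it starts a constructed toy TCP service on loopback so the script runs offline; the `TRUN` command prefix, the 500-byte threshold and the simulated crash behaviour of that toy service are assumptions of this example, not something the post states.

```python
"""Minimal Python-socket fuzzer (added example, not the post's own code).

It sends a command followed by an ever-longer run of 'A's on a fresh
connection each round and reports the first length at which the target stops
answering.  The toy target below is constructed for this example and is not
vulnserver: its handler "crashes" (tears down the listener) once the command
argument exceeds BUFFER_LIMIT bytes.
"""
import socket
import threading

BUFFER_LIMIT = 500     # toy target's overflow threshold (constructed for the demo)
COMMAND = b"TRUN "     # command prefix; assumed here, not taken from the post
HOST = "127.0.0.1"


def _recv_line(conn, limit=1 << 16):
    """Read until newline or EOF so a payload split across segments is reassembled."""
    chunks = []
    total = 0
    while total < limit:
        part = conn.recv(4096)
        if not part:
            break
        chunks.append(part)
        total += len(part)
        if part.endswith(b"\n"):
            break
    return b"".join(chunks)


def start_toy_server(limit=BUFFER_LIMIT):
    """Listen on a free loopback port and return the port number.

    The service answers "OK" unless the TRUN argument is longer than `limit`,
    in which case it simulates a crash by closing the listening socket, so
    later connection attempts are refused.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))          # port 0: let the OS choose a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        try:
            while True:
                conn, _ = srv.accept()
                with conn:
                    conn.sendall(b"Welcome\n")
                    data = _recv_line(conn)
                    arg_len = len(data.rstrip(b"\n")) - len(COMMAND)
                    if data.startswith(COMMAND) and arg_len > limit:
                        return   # simulated crash: listener closed in `finally`
                    conn.sendall(b"OK\n")
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def payloads(step=100, max_len=2000):
    """Yield (argument length, bytes) with the argument growing by `step` each round."""
    for n in range(step, max_len + 1, step):
        yield n, COMMAND + b"A" * n + b"\n"


def fuzz(host, port, step=100, max_len=2000, timeout=2.0):
    """Return the first argument length that goes unanswered, or None.

    Each payload uses a fresh connection, so a refused connect, a reset, a
    timeout or an empty reply all count as "the target stopped responding".
    """
    for n, buf in payloads(step, max_len):
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.recv(1024)             # banner
                s.sendall(buf)
                reply = s.recv(1024)     # b"" means the handler went away
        except OSError:                  # refused / reset / timeout
            return n
        if not reply:
            return n
    return None


def demo():
    """Start the toy target and fuzz it; returns the crashing length (600 here)."""
    port = start_toy_server()
    return fuzz(HOST, port)


if __name__ == "__main__":
    crash_len = demo()
    print("no crash" if crash_len is None
          else f"target stopped answering at an argument of {crash_len} bytes")
```

Against a real target you would replace `demo()` with `fuzz("target-ip", 9999)` and watch the process in a debugger; the script only tells you the length at which the service went quiet, which is where the manual work (finding the offset, checking what overwrote EIP) starts.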

05 - How to maybe not be so bad at fuzzing, Part 1

05 - Back to the Fuzzing
Alright, in previous posts I've utilized fuzzing to 'locate' crashes in applications, but definitely ran into a lot of problems whilst doing it.  As I've alluded to, this blog is more about the learning experience than it is about showing folks exactly how to do things, primarily because I'm a pretty big n00b at a lot of this stuff, anyway.  Alas, I'm learning and improving daily.
Part one of the fuzzing post will cover more informational aspects of fuzzing, such as what fuzzing is, how it is used, and some of the available tools and a short example on the basic buffer overflow, as well as its relation to fuzzing.

In part two, I'll go into greater detail with some of the currently available network fuzzers, and how to use them.
01 - What is fuzzing?
The term gets thrown around a lot.  It's not complicated, but perhaps I should start here. Fuzzing is the practice of sending (via whatever medium) an application 'junk' dat…