Comments on "The search for animal 0-day: Fuzzing Apache httpd server with American Fuzzy Lop + persistent mode" (blog by javi; 13 comments; comment feed last updated 2024-03-25)

javi (2018-11-25 04:17 PST):
Try to use the "strace" command and see what is happening at the time of reading the file.

javi (2018-11-25 04:17 PST):
I am afraid that you will have to be a little bit more specific. It seems that either you aren't instrumenting Apache properly or the fuzzer is simply not processing the inputs and sending them to the Apache process. This could be for a variety of reasons, from buggy code (bear in mind Apache and AFL have changed in the last year) to memory issues such as the "-m" option.
Furthermore, if you are using a Docker image, you might need the --privileged switch for Docker.

Anonymous (2018-10-24 20:27 PDT):
I'm trying the two examples, Fapache and Apachistence, and both produced warnings such as:
> Some test cases look useless. Consider using a smaller set.

Also, I could execute ~3000 tests per second, but the coverage is poor:
> last new path : none yet (odd, check syntax!)

I've noticed that each cycle takes only a few seconds, and am wondering which part I should fix.
My repo is https://github.com/Quick700/Quick700 , whose subdirectories contain the corresponding `Dockerfile`s.

javi (2017-11-10 04:21 PST):
I found on some Linux distros (such as Ubuntu) that if you run:
CC=afl-clang make

it won't pick up the ENV variable (this might be due to several things), and found that if you swap the ENV variable around like so:
make CC=afl-clang

it will work. Haven't figured out why yet, but please do tell if you come up with a solution!

Joseph (2017-10-25 02:02 PDT):
So when I launch: afl-fuzz -i testcases/ -o sess_1/ -m none -t 2000 -- /usr/local/apache_afl/bin/httpd -X -F @@
I get a message saying the target binary is not instrumented. If I follow your instructions (which are quite confusing, and they get even worse on the sunspots blog), Apache is never built with afl-clang, since your CC=afl-clang before running your script is ignored.
So what is the trick?

javi (2017-09-23 11:36 PDT):
Indeed! I do set a different file name in each config file, and use a different config file for each fuzzer.
Also, this is actually a key point to fuzz Apache as, depending on the configuration file you set, AFL will also cover different parts of the code (e.g. enable different Apache mods).

Bircoum (2017-09-23 05:43 PDT):
Hi,

Great post! But when I try to start the second httpd instance (the first one is already running), I receive:
httpd (pid 15951) already running

Did I forget something?

Thanks in advance.

frankaVaLu (2017-07-19 22:46 PDT):
Hi, but I have trouble running httpd; some of the errors are as follows:
[+] Stdin file (null)
[-] Couldn't fopen

So, could you help me or give me some idea? Thanks a lot!

Abdulellah Alsaheel (2017-07-19 13:15 PDT):
This comment has been removed by the author.

javi (2017-07-06 12:03 PDT):
My first spam comment, YAY!

Further comments like this one will be removed :)

Anonymous (2017-07-06 01:28 PDT):
I have seen a lot of blogs and info on other blogs and websites, but the information in this Hadoop blog (http://nareshit.in/hadoop-training/) is useful; many thanks for sharing it.

javi (2017-05-22 13:44 PDT):
Thanks for that, noted.

Anonymous (2017-05-21 15:37 PDT):
Pretty sure changes to /etc/environment require a logoff.
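Two of the problems raised in this thread, the "target binary is not instrumented" message (Joseph's comment) and "httpd (pid N) already running" when a second fuzzer is started (Bircoum's comment, answered by javi with "a different file name in each config file"), can both be caught before a fuzzing session starts. The script below is an added example and is not code from the original post or from any commenter. It assumes classic AFL (afl-fuzz decides whether a target is instrumented by scanning the binary for the "__AFL_SHM_ID" environment-variable name, and persistent-mode builds also carry the "##SIG_AFL_PERSISTENT##" marker) and an httpd installed under a prefix such as /usr/local/apache_afl; the prefix, output directory, port numbers and the `afl_instrumented` / `gen_httpd_conf` function names are illustrative choices made here:

```shell
#!/bin/sh
# Added example (not from the original post or its comments).
# Assumptions: classic AFL (afl-fuzz, afl-clang) and an httpd built into an
# illustrative prefix /usr/local/apache_afl. Paths, ports and function names
# are chosen for this example.
set -eu

# afl_instrumented BINARY
# Reproduces the check afl-fuzz performs before fuzzing: an instrumented
# target contains the string "__AFL_SHM_ID" (the shared-memory env var the
# instrumentation reads); a persistent-mode build also contains the marker
# "##SIG_AFL_PERSISTENT##". Returns 0 if instrumented, 1 if not, 2 if unreadable.
afl_instrumented() {
    bin=$1
    [ -r "$bin" ] || { echo "cannot read $bin" >&2; return 2; }
    if grep -q '__AFL_SHM_ID' "$bin"; then
        if grep -q '##SIG_AFL_PERSISTENT##' "$bin"; then
            echo "$bin: instrumented (persistent mode)"
        else
            echo "$bin: instrumented"
        fi
        return 0
    fi
    echo "$bin: NOT instrumented (rebuild with: make CC=afl-clang)" >&2
    return 1
}

# gen_httpd_conf TEMPLATE OUTDIR INSTANCE_ID BASE_PORT
# Writes OUTDIR/httpd-INSTANCE_ID.conf from TEMPLATE, giving each fuzzer its
# own PidFile, Listen port and ErrorLog. Two httpd instances sharing one
# PidFile is what produces "httpd (pid N) already running" for the second one.
# Any PidFile/Listen/ErrorLog lines in the template are dropped first so the
# instance-specific values are the only ones in the generated file.
gen_httpd_conf() {
    template=$1; outdir=$2; id=$3; base_port=$4
    port=$((base_port + id))
    out="$outdir/httpd-$id.conf"
    mkdir -p "$outdir"
    grep -Ev '^[[:space:]]*(PidFile|Listen|ErrorLog)[[:space:]]' "$template" > "$out" || true
    {
        echo "PidFile  $outdir/httpd-$id.pid"
        echo "Listen   127.0.0.1:$port"
        echo "ErrorLog $outdir/error-$id.log"
    } >> "$out"
    echo "$out"
}

# Manual session outline (afl-fuzz is not invoked by this script itself):
#   afl_instrumented /usr/local/apache_afl/bin/httpd || exit 1
#   for i in 0 1 2 3; do
#     conf=$(gen_httpd_conf /usr/local/apache_afl/conf/httpd.conf /tmp/afl-httpd "$i" 8080)
#     afl-fuzz -i testcases/ -o sync_dir/ -S "fuzzer$i" -m none -t 2000 -- \
#         /usr/local/apache_afl/bin/httpd -X -f "$conf" -F @@ &
#   done
```

Run `afl_instrumented` on the freshly built httpd right after `make CC=afl-clang`; if it reports NOT instrumented, the compiler override was not picked up and no amount of afl-fuzz flags will help. Each fuzzer then gets its own generated config via `-f`, which is also where per-instance module choices (javi's point about covering different parts of the code) naturally live.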