
python - Boofuzz does not restart the process after a crash

Reposted. Author: 行者123. Updated: 2023-11-28 19:11:43

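I am learning how to fuzz with boofuzz. I have everything set up on a Windows 7 VM. The target is the Vulnserver application. Because I know the TRUN, GMON, and KSTET commands are vulnerable, I put these commands in an s_group list. I expect the vulnserver.exe process to crash on the TRUN command, restart, and then continue testing the other commands. Below is the boofuzz script I am using.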

#!/usr/bin/python

from boofuzz import *
from boofuzz import pedrpc

host = "172.16.37.201"
port = 9999

# Define request
s_initialize("Vulnserver")
s_group("verbs", values=["TRUN", "GMON", "KSTET"])

if s_block_start("test", group="verbs"):
    s_delim(" ")
    s_string("AAA")
    s_string("\r\n")

s_block_end("test")

# Define Session
logger = FuzzLogger(fuzz_loggers=[FuzzLoggerText()])
session = sessions.Session(log_level=10, sleep_time=0.03, fuzz_data_logger=logger)
connection = SocketConnection(host, port, proto="tcp")
target = sessions.Target(connection)
target.procmon = pedrpc.Client(host, 26002)
target.procmon_options = {
    "proc_name":"vulnserver.exe",
    "stop_commands":['wmic process where (name="vulnserver.exe") delete'],
    "start_commands":['C:\\Temp\\vulnserver.exe 9999'],
}
session.add_target(target)
session.connect(s_get("Vulnserver"))
session.fuzz()

After starting vulnserver.exe, I run my boofuzz script and get the following error:

.....
+0c: 41414141 (1094795585) -> N/A
+10: 41414141 (1094795585) -> N/A
+14: 41414141 (1094795585) -> N/A

disasm around:
0x41414141 Unable to disassemble

SEH unwind:
ffffffff -> ntdll.dll:774d61a5 mov edi,edi

[2016-09-02 13:24:06,178] Test Case: 53
[2016-09-02 13:24:06,178] Info: primitive name: None, type: String, default value: AAA
[2016-09-02 13:24:06,178] Info: Test case 53 of 8352 for this node. 53 of 8352 overall.
Traceback (most recent call last):
  File "auto.py", line 34, in <module>
    session.fuzz()
  File "C:\Python27\lib\site-packages\boofuzz\sessions.py", line 414, in fuzz
    self._fuzz_current_case(*fuzz_args)
  File "C:\Python27\lib\site-packages\boofuzz\sessions.py", line 846, in _fuzz_current_case
    target.open()
  File "C:\Python27\lib\site-packages\boofuzz\sessions.py", line 71, in open
    self._target_connection.open()
  File "C:\Python27\lib\site-packages\boofuzz\socket_connection.py", line 118, in open
    self._sock.connect((self.host, self.port))
  File "C:\Python27\lib\socket.py", line 228, in meth
    return getattr(self._sock,name)(*args)
socket.error: [Errno 10061] No connection could be made because the target machine actively refused it

The error indicates that boofuzz did not restart the vulnserver.exe process. In case it helps, below is the output of process_monitor.py.

C:\Tools\boofuzz>python process_monitor.py --crash_bin "crash.bin" --proc_name "vulnserver.exe" --port 26002
[01:23.48] Process Monitor PED-RPC server initialized:
[01:23.48] crash file: C:\Tools\boofuzz\crash.bin
[01:23.48] # records: 0
[01:23.48] proc name: None
[01:23.48] log level: 1
[01:23.48] awaiting requests...
[01:24.01] updating target process name to 'vulnserver.exe'
[01:24.01] updating stop commands to: ['wmic process where (name="vulnserver.exe") delete']
[01:24.01] updating start commands to: ['C:\\Temp\\vulnserver.exe 9999']
[01:24.01] debugger thread-1472837041 looking for process name: vulnserver.exe
[01:24.01] debugger thread-1472837041 found match on pid 1060
[01:24.06] debugger thread-1472837041 caught access violation: '[INVALID]:41414141 Unable to disassemble at 41414141 from thread 1904 caused access violation'
[01:24.06] debugger thread-1472837041 exiting
[01:24.06] debugger thread-1472837046 looking for process name: vulnserver.exe

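Thanks!

Best answer

TL;DR

The restart failure was the result of a series of bugs. Run pip install --upgrade boofuzz to get v0.0.5 or later, or download the latest code from GitHub.

process_monitor bug

The key problem was that failures detected by procmon were logged as info rather than as failures, which meant no restart was triggered. Fix PR.

boofuzz bug

This line: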

socket.error: [Errno 10061] No connection could be made because the target machine actively refused it

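indicates that the application under test has most likely crashed. Boofuzz should handle this rather than crashing itself. This issue has been reported and fixed.

Other process_monitor bug

Notice this line in your process_monitor.py output: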

[01:23.48]       proc name:   None

The process name is not set! The bug is at line 368 of process_monitor.py:

if opt in ("-p", "--proc_Name"): #oops!

It should be --proc_name, not --proc_Name!

This has been fixed in the latest code. But a workaround is to use the short name -p instead of --proc_name.

Regarding "python - Boofuzz does not restart the process after a crash", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/39298133/
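The option-name typo described in the answer can be reproduced with the standard getopt module. The following is an added example, not code from boofuzz or from the original post: the option tables, handler layout and function names are assumptions, and only the "--proc_Name" spelling comes from the page. It shows why the long option was silently dropped while -p worked, and a small check that flags declared options no handler matches.

```python
import getopt

# Assumed option tables for illustration; only the "--proc_Name" typo is from the page.
SHORT_OPTS = "c:p:P:"
LONG_OPTS = ["crash_bin=", "proc_name=", "port="]

# Handler tables: option spellings -> (config key, converter).
BUGGY = {
    ("-c", "--crash_bin"): ("crash_bin", str),
    ("-p", "--proc_Name"): ("proc_name", str),   # typo quoted in the answer
    ("-P", "--port"): ("port", int),
}
FIXED = {
    ("-c", "--crash_bin"): ("crash_bin", str),
    ("-p", "--proc_name"): ("proc_name", str),
    ("-P", "--port"): ("port", int),
}


def unhandled_options(handlers):
    """Options getopt accepts but no handler matches; should be empty."""
    declared = {"-" + c for c in SHORT_OPTS if c != ":"}
    declared |= {"--" + name.rstrip("=") for name in LONG_OPTS}
    handled = {spelling for spellings in handlers for spelling in spellings}
    return sorted(declared - handled)


def parse(argv, handlers):
    """Parse argv; an option with no matching handler is silently dropped."""
    cfg = {"crash_bin": None, "proc_name": None, "port": None}
    opts, _ = getopt.getopt(argv, SHORT_OPTS, LONG_OPTS)
    for opt, arg in opts:
        for spellings, (key, convert) in handlers.items():
            if opt in spellings:
                cfg[key] = convert(arg)
    return cfg


# Constructed sample, mirroring the command line shown in the question.
LONG_FORM = ["--crash_bin", "crash.bin", "--proc_name", "vulnserver.exe", "--port", "26002"]
SHORT_FORM = ["-c", "crash.bin", "-p", "vulnserver.exe", "-P", "26002"]

if __name__ == "__main__":
    print(parse(LONG_FORM, BUGGY)["proc_name"])   # None, as in "proc name: None"
    print(parse(SHORT_FORM, BUGGY)["proc_name"])  # vulnserver.exe (the -p workaround)
    print(parse(LONG_FORM, FIXED)["proc_name"])   # vulnserver.exe
    print(unhandled_options(BUGGY))               # ['--proc_name']
```

Running a check like unhandled_options at startup or in a unit test turns this kind of silent misconfiguration into an immediate failure, instead of a monitor that attaches to nothing.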
