Friday, January 7, 2011

Simple File Format Fuzzing

Originally Posted: SUNDAY, JULY 11, 2010 AT 1:20PM

A member of the Corelan forums, CodeZer0, asked for a short tutorial on file fuzzing. In particular he wanted to know how we would find the bug from CorelanCoder's first Exploit Development tutorial in EASY RM to MP3.
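A minimal file-format fuzzer in the spirit of this post, added here as an example; it is not the post's own script and does not reproduce the EASY RM to MP3 bug. It combines the two approaches the Peach posts below name: generation (a field grown in fixed steps, so the first crashing length hints at the buffer size) and mutation (random byte flips over a seed). The seed bytes, the output directory, the `.m3u` extension and the target command are constructed placeholders.

```python
#!/usr/bin/env python3
"""Simple file-format fuzzer: generation (growing strings) plus mutation (byte flips).

Added example, not code from the original post. The seed file, output directory,
file extension and target command are constructed placeholders; point them at a
real seed file and the program that opens it.
"""
import os
import random
import subprocess

# Constructed seed: one line of a text-based playlist. Any small valid file works.
SEED = b"http://127.0.0.1/track.mp3\n"


def generation_cases(seed: bytes, start: int = 500, stop: int = 30000, step: int = 500):
    """Yield (label, data): the seed followed by one line of n 'A's, n growing by `step`.

    Growing a single field in fixed steps is the quickest way to find an unchecked
    copy into a fixed-size buffer, and the first length that crashes tells you
    roughly how big that buffer is.
    """
    for n in range(start, stop + 1, step):
        yield f"len{n:06d}", seed + b"A" * n + b"\n"


def mutation_cases(seed: bytes, count: int = 50, max_flips: int = 4, rng_seed: int = 1):
    """Yield (label, data): copies of the seed with 1..max_flips random bytes overwritten.

    The RNG is seeded so a crashing case can be regenerated from its label.
    """
    rng = random.Random(rng_seed)
    for i in range(count):
        buf = bytearray(seed)
        for _ in range(rng.randint(1, max_flips)):
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        yield f"mut{i:04d}", bytes(buf)


def write_cases(outdir: str, ext: str, cases) -> list:
    """Write each case to outdir/<label>.<ext>; return the paths in order."""
    os.makedirs(outdir, exist_ok=True)
    paths = []
    for label, data in cases:
        path = os.path.join(outdir, f"{label}.{ext}")
        with open(path, "wb") as fh:
            fh.write(data)
        paths.append(path)
    return paths


def run_case(target: list, path: str, timeout: float = 5.0) -> str:
    """Launch `target + [path]` and classify the run as 'crash', 'hang' or 'ok'.

    POSIX reports a signal death as a negative return code; Windows reports the NT
    status, of which ACCESS_VIOLATION (0xC0000005) and STACK_OVERFLOW (0xC00000FD)
    are the ones fuzzing usually hits. A GUI target that simply stays open shows
    up as 'hang', so give those a timeout that covers the parse and kill them.
    """
    try:
        proc = subprocess.run(target + [path], timeout=timeout, capture_output=True)
    except subprocess.TimeoutExpired:
        return "hang"
    if proc.returncode < 0 or proc.returncode in (0xC0000005, 0xC00000FD):
        return "crash"
    return "ok"


if __name__ == "__main__":
    import sys
    target = sys.argv[1:] or ["./parser"]          # placeholder target command
    cases = list(generation_cases(SEED)) + list(mutation_cases(SEED))
    for p in write_cases("cases", "m3u", cases):  # '.m3u' is an assumed extension
        verdict = run_case(target, p)
        if verdict != "ok":
            print(f"{verdict}: {p}")
```

Run it as `python fuzz_files.py <command that opens a file>`; the generated files stay on disk, so a reported crash can be reopened under a debugger to find which length first corrupts the stack.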

Fuzzing with Peach - Running the Fuzz - Part 3

Originally Posted: FRIDAY, JUNE 11, 2010 AT 8:15PM

Now that you have Peach installed and a Peach pit written, it's time to fuzz something. I'm sure you can guess what I have been fuzzing (look in the exploit section). With Peach I have found two different denial of service bugs in the SolarWinds free TFTP server in two weeks. This highlights the importance of fuzzing an application internally before the product is released: if they had used even my basic pit they would have found both bugs prior to release.

Fuzzing with Peach - The Peach Pit - Part 2

Originally Posted: SUNDAY, MAY 23, 2010 AT 3:21PM

In my last post I showed you how to install the Peach fuzzing framework. The next step is to set up the configuration file, called the Peach pit. The Peach pit is an XML file that lays out the protocol we are going to fuzz; in this case I am going to stick with TFTP. The author of Peach, Michael Eddington, provides an auto-complete library for use with Microsoft Visual Studio (free) which helps immensely with writing pits. I recommend you download and install it if you plan on working with Peach pits on a regular basis.
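An added example serving both Part 2 and Part 3 above, written by the editor rather than taken from the posts or from Peach: it expresses in plain Python what a TFTP pit has to lay out (the RRQ field layout, one output action, a UDP publisher) and adds the check Part 3 relies on when it reports denial-of-service bugs, namely telling a server that dropped one request apart from a server that is no longer answering at all. The target host and port are placeholders, and the probe filename is assumed.

```python
#!/usr/bin/env python3
"""Generation-based TFTP read-request (RRQ) fuzzer.

Added example, not code from the original posts and not part of Peach: it
expresses in plain Python the same things a Peach pit's DataModel, StateModel
and Publisher describe for TFTP (field layout, one output action, a UDP
publisher), plus the liveness check needed to tell a crash from a dropped request.
The target host/port are placeholders.
"""
import socket
import struct
from typing import Optional

OPCODE_RRQ = 1
OPCODE_DATA = 3
OPCODE_ERROR = 5


def build_rrq(filename: bytes, mode: bytes = b"octet") -> bytes:
    """RFC 1350 RRQ: 2-byte big-endian opcode | filename | NUL | mode | NUL.

    This is the layout a pit would encode as a Number plus two null-terminated Strings.
    """
    return struct.pack("!H", OPCODE_RRQ) + filename + b"\x00" + mode + b"\x00"


def rrq_cases(base: bytes = b"test.txt"):
    """Yield (label, packet) test cases, each aimed at one field of the RRQ."""
    # Over-long filename: the classic unchecked-copy trigger.
    for n in (256, 512, 1024, 2048, 4096, 8192):
        yield f"filename_A{n}", build_rrq(b"A" * n)
    # Over-long mode string, which some servers copy into a fixed buffer too.
    for n in (256, 1024, 4096):
        yield f"mode_A{n}", build_rrq(base, b"A" * n)
    # Format-string characters in the filename (servers often log it verbatim).
    yield "filename_format", build_rrq(b"%s%n%x" * 8)
    # Structurally malformed: terminators missing, or both strings empty.
    yield "no_terminators", struct.pack("!H", OPCODE_RRQ) + base + b"octet"
    yield "empty_fields", build_rrq(b"", b"")


def reply_opcode(data: bytes) -> Optional[int]:
    """Opcode of a server reply (DATA or ERROR), or None if too short to be one."""
    if len(data) < 2:
        return None
    return struct.unpack("!H", data[:2])[0]


def send_and_wait(pkt: bytes, host: str, port: int, timeout: float) -> Optional[bytes]:
    """Send one datagram from a fresh socket; return the first reply, or None on timeout.

    A fresh socket per request matters: TFTP answers from a new ephemeral port,
    and a connected socket would discard that reply.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (host, port))
        try:
            data, _ = s.recvfrom(4096)
            return data
        except socket.timeout:
            return None


def server_alive(host: str, port: int, timeout: float = 2.0) -> bool:
    """Known-good probe: a well-formed RRQ must get DATA or ERROR back from a live server."""
    reply = send_and_wait(build_rrq(b"probe.txt"), host, port, timeout)  # assumed probe name
    return reply is not None and reply_opcode(reply) in (OPCODE_DATA, OPCODE_ERROR)


def fuzz(host: str, port: int = 69, timeout: float = 2.0) -> dict:
    """Run every case; a silent server is only called down if the probe also fails."""
    results = {}
    for label, pkt in rrq_cases():
        reply = send_and_wait(pkt, host, port, timeout)
        if reply is not None:
            results[label] = f"reply opcode={reply_opcode(reply)}"
        elif server_alive(host, port, timeout):
            results[label] = "no reply, server still up (request dropped)"
        else:
            results[label] = "no reply and probe failed: server down (DoS candidate)"
            break  # restart the service before continuing, as Peach's monitors would
    return results


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # placeholder host
    for label, outcome in fuzz(target).items():
        print(f"{label:20s} {outcome}")
```

Each case here maps onto one pit concept: `build_rrq` is the DataModel, `rrq_cases` is the set of mutations the fuzzer would derive from it, `send_and_wait` is the UDP publisher, and `server_alive` stands in for the monitor that decides whether a silent target has crashed.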

Fuzzing with Peach - Install - Part 1

Originally Posted: THURSDAY, MAY 20, 2010 AT 7:36PM

According to the author of Peach, Michael Eddington, Peach is "a SmartFuzzer that is capable of performing both generation and mutation based fuzzing." What I have found in my short time using it is that it might be the most useful fuzzer I have used to date. Once you understand the basics of the configuration files, or Peach pits, you will discover how easy it is to modify and re-use code for rapid fuzzer development. Not to mention Peach's ability to stop and restart a crashed process for "set it and forget it" fuzzing.

Fuzzing and Exploit Development with Metasploit - Louisville Metasploit Class

Originally posted on: TUESDAY, MAY 4, 2010 AT 5:17PM

On May 8th the Kentucky ISSA held a training in Louisville, KY. I was asked to teach the section on Fuzzing and Exploit Development. Having only an hour to cover this VERY complex topic, I demonstrated a basic buffer overflow. We start with fuzzing and go through the basic steps of exploit development. This is an old, well-known exploit, but it demonstrates the important principles. Feel free to follow along with the videos and post any questions in the comments section.