Friday, January 7, 2011

Fuzzing with Peach - Running the Fuzz - Part 3

Originally Posted: FRIDAY, JUNE 11, 2010 AT 8:15PM

Now that you have Peach installed and a Peach pit written, it's time to fuzz something. I'm sure you can guess what I have been fuzzing (look in the exploit section). With Peach I have found 2 different Denial of Service bugs in the SolarWinds Free TFTP Server in 2 weeks. This highlights the importance of internal application fuzzing before a product is released. If they had used my basic pit they would have found both bugs prior to release.

Running the fuzzer is very easy. On the agent machine you need to install the application you want to fuzz; in my case it was the SolarWinds Free TFTP Server. Next you need to modify the Agent block of your pit so that it properly monitors your application. Make sure all your IP addresses are correct, then start the agent. To do this, go to your Peach folder on the command line and run "peach.bat -a". You will see the message "//-> Listening on [9000] with no password" to indicate the agent is listening.

Once you have a Peach agent running on the agent machine, start the fuzzer on the server. Again, navigate to the Peach folder on your system in the command line. Once there, all you need to do is type "peach.bat <PEACH PIT>". (NOTE: Don't type <PEACH PIT> literally; type the name of your Peach pit, e.g. peach.bat tftp.xml.) You should see Peach contact the agent and then start fuzzing.
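As an added illustration (not the pit from the earlier part of this series), here is what the Agent block referred to above looks like in Peach 2.x pit syntax: the agent's location points at the remote machine on the port the "peach.bat -a" agent listens on, and a debugger monitor wraps the target so crashes are caught and reported back. The agent IP, the agent name and the target executable path are constructed placeholders; the monitor class and parameter names are the Peach 2.x ones I know of, and you should check them against the Peach version you actually run.

```xml
<!-- Agent block: lives at the top level of the pit, next to DataModel/StateModel. -->
<!-- location = the machine running "peach.bat -a"; 9000 is the default agent port. -->
<!-- 192.168.1.20 is a constructed placeholder; use your agent machine's address. -->
<Agent name="TftpAgent" location="http://192.168.1.20:9000">
  <!-- WindowsDebugEngine starts the target under a debugger and reports a fault
       (with a crash bucket and stack trace) whenever an exception occurs. -->
  <Monitor class="debugger.WindowsDebugEngine">
    <!-- Placeholder path: point this at the executable you installed on the agent. -->
    <Param name="CommandLine" value="C:\Path\To\Target\TFTPServer.exe" />
  </Monitor>
</Agent>

<!-- Inside the Test element of the pit, reference the agent by name so the
     fuzzer contacts it when you run "peach.bat tftp.xml". The rest of the Test
     (StateModel and Publisher) stays as written in your existing pit. -->
<Test name="DefaultTest">
  <Agent ref="TftpAgent" />
  <!-- ... StateModel ref and Publisher from your pit go here ... -->
</Test>
```

If the agent reports no faults but the server visibly stops responding, check that the CommandLine path is correct and that the debugger actually launched the process, since a monitor attached to nothing will never flag a crash.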

That's it. If all goes well (for you, not the application developers) you will start to see some exploitable crashes come in.
