Light

demetriusford / mutation-fuzzer Goto Github PK

View Code? Open in Web Editor NEW

12.0 2.0 1.0 26 KB

TL;DR: Mutate a binary to identify potential exploit candidates

License: GNU General Public License v2.0

C 100.00%

c exploitation penetration-testing offensive-security fuzzing reverse-engineering

mutation-fuzzer's Introduction

mutation fuzzer

Written in C and based on Charlie Miller's (@0xcharlie) presentation: Babysitting an Army of Monkeys. This program can help identify exploit candidates triggered by vulnerable binaries.

usage

Post Reconnaissance:

$ gcc -o mutate main.c
$ ./mutate cross.jpg
$ ./jpg2bmp /tmp/tmpB3WZIc cross.bmp
Bug #4 triggered.
Segmentation fault (core dumped)

Using @jfoote's exploitable GDB plugin to gauge likelihood:

$ gdb --args ./jpg2bmp /tmp/tmpB3WZIc cross.bmp
(gdb) r
Starting program: /home/demetrius-ford/pentest/mutation-fuzzer/jpg2bmp /tmp/tmpB3WZIc cross.bmp
Bug #4 triggered.

Program received signal SIGSEGV, Segmentation fault.
0x00000000bffbffff in ?? ()
(gdb) exploitable
Description: Segmentation fault on program counter
Short description: SegFaultOnPc (3/22)
Hash: f6c31a70445b50c017eeaa1782b7be34.a02275b2f33a68c806d7551b0ba98206
Exploitability Classification: EXPLOITABLE
Explanation: The target tried to access data at an address that matches the program counter. This is likely due to the execution of a branch instruction (ex: 'call') with a bad argument, but it could also be due to execution continuing past the end of a memory region or another cause. Regardless this likely indicates that the program counter contents are tainted and can be controlled by an attacker.
Other tags: AccessViolation (21/22)

mutation-fuzzer's People

Contributors

Stargazers

Watchers

Forkers

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.