Installing and Tweaking SPIKE and sickfuzz v0.3
Not sure how many tried out this "fuzzer", but the v0.3 is out with more pwnsauce.
Download link: http://code.google.com/p/sickfuzz/downloads/list
svn checkout http://sickfuzz.googlecode.com/svn/trunk/ sickfuzz
New features:
- Some SPIKE tweak.
- Changed the SPIKE fuzzer.
- Modified the .spk scripts.
- More logs available.
- More detailed help screen as well as output.
Fixed bugs:
- Fixed tailing issue, now paths don't have to end with "/".
- Now stops when app crashes without going over the other scripts.
Install SPIKE and sickfuzz:root@bt:~# apt-get install automake
root@bt:~# rm -rf /pentest/fuzzers/spike/
root@bt:~# wget -P /tmp http://www.immunitysec.com/downloads/SPIKE2.9.tgz
root@bt:~# tar xvzf /tmp/SPIKE2.9.tgz -C /pentest/fuzzers && rm /tmp/SPIKE2.9.tgz
root@bt:~# cd /pentest/fuzzers/SPIKE/SPIKE/src/
Before actually starting to compile SPIKE we will make a little tweak (thank master @lupin for this one!).
Open up spike.c, there are 2 lines that look like this:printf("tried to send to a closed socket!\n");
Each of these 2 lines contains a "return 0;" instruction on the next line, we will replace this instruction with "exit(1);" save the file and proceed.
(NOTE: ONLY REPLACE THOSE 2 INSTRUCTIONS NOT ALL!)
snapshot_1
snapshot_2
snapshot_3
snapshot_4
Now we can proceed with SPIKE:root@bt:/pentest/fuzzers/SPIKE/SPIKE/src# aclocal
root@bt:/pentest/fuzzers/SPIKE/SPIKE/src# automake
root@bt:/pentest/fuzzers/SPIKE/SPIKE/src# ./configure
root@bt:/pentest/fuzzers/SPIKE/SPIKE/src# sed -i 's/CFLAGS = -Wall -funsigned-char -c -fPIC -ggdb/CFLAGS = -Wall -funsigned-char -c -fPIC -ggdb -fno-stack-protector/g' Makefile
root@bt:/pentest/fuzzers/SPIKE/SPIKE/src# make
If you get this error: configure: creating ./config.status
cd && /bin/sh ./config.status Makefile
/bin/sh: ./config.status: No such file or directory
make: *** [Makefile] Error 127
Execute the following commands again:root@bt:/pentest/fuzzers/SPIKE/SPIKE/src# aclocal
root@bt:/pentest/fuzzers/SPIKE/SPIKE/src# automake
root@bt:/pentest/fuzzers/SPIKE/SPIKE/src# ./configure
root@bt:/pentest/fuzzers/SPIKE/SPIKE/src# sed -i 's/CFLAGS = -Wall -funsigned-char -c -fPIC -ggdb/CFLAGS = -Wall -funsigned-char -c -fPIC -ggdb -fno-stack-p$
root@bt:/pentest/fuzzers/SPIKE/SPIKE/src# make
Should have worked now.root@bt:/pentest/fuzzers/SPIKE/SPIKE/src# mv -f /pentest/fuzzers/SPIKE/SPIKE/src /pentest/fuzzers/spike/
root@bt:/pentest/fuzzers/SPIKE/SPIKE/src# cd
root@bt:~# rm -rf /pentest/fuzzers/SPIKE/
root@bt:~# cd /pentest/fuzzers/
root@bt:/pentest/fuzzers# svn checkout http://sickfuzz.googlecode.com/svn/trunk sickfuzz
Also if you are interested g0tmi1k made a nice script to automate the hole process:
http://code.google.com/p/sickfuzz/downloads/list
For more info on using SPIKE check out lupin's guides:
http://resources.infosecinstitute.com/intro-to-fuzzing/
http://resources.infosecinstitute.com/fuzzer-automation-with-spike/
目录
最新
- Remote kernel debugging using Windbg.
- Linux exploit development part 4 - ASCII armor bypass + return-to-plt
- Linux exploit development part 3 (rev 2) - Real app demo ret2libc
- Linux Exploit Development Pt 2 (rev 2) - Real App Demo (part 2)
- Linux exploit development part 3 - ret2libc
- Linux Exploit Writing Tutorial Pt 2 - Stack Overflow ASLR bypass Using ret2reg
- Linux exploit development part 1 - Stack overflow.
- Installing and Tweaking SPIKE and sickfuzz v0.3