Boofuzz does not restart the process after a crash

Published 2024-09-30 14:17:57


I am learning how to fuzz with boofuzz. I installed everything on a Windows 7 VM. The target is the Vulnserver application. Since I know the TRUN, GMON and {} commands are vulnerable, I put those commands into the s_group list. I expect the vulnserver.exe process to crash on the TRUN command, restart, and then continue testing the other commands. Below is the boofuzz script I am using.

#!/usr/bin/python

from boofuzz import *
from boofuzz import pedrpc

host = "172.16.37.201"
port = 9999

# Define request: one block per verb, each followed by a space, a fuzzed string and CRLF
s_initialize("Vulnserver")
s_group("verbs", values=["TRUN", "GMON", "KSTET"])

if s_block_start("test", group="verbs"):
    s_delim(" ")
    s_string("AAA")
    s_string("\r\n")

s_block_end("test")

# Define Session: text logger, TCP target, and the PED-RPC process monitor on port 26002
logger = FuzzLogger(fuzz_loggers=[FuzzLoggerText()])
session = sessions.Session(log_level=10, sleep_time=0.03, fuzz_data_logger=logger)
connection = SocketConnection(host, port, proto="tcp")
target = sessions.Target(connection)
target.procmon = pedrpc.Client(host, 26002)
# Commands the procmon should run to kill and relaunch the target after a crash
target.procmon_options = {
    "proc_name":"vulnserver.exe",
    "stop_commands":['wmic process where (name="vulnserver.exe") delete'],
    "start_commands":['C:\\Temp\\vulnserver.exe 9999'],
}
session.add_target(target)
session.connect(s_get("Vulnserver"))
session.fuzz()

After starting vulnserver.exe, I run the boofuzz script and get the following error:

^{pr2}$

The error shows that boofuzz did not restart the vulnserver.exe process. Below is the output of process_monitor.py, in case it helps.

C:\Tools\boofuzz>python process_monitor.py --crash_bin "crash.bin" --proc_name "vulnserver.exe" --port 26002
[01:23.48] Process Monitor PED-RPC server initialized:
[01:23.48]       crash file:  C:\Tools\boofuzz\crash.bin
[01:23.48]       # records:   0
[01:23.48]       proc name:   None
[01:23.48]       log level:   1
[01:23.48] awaiting requests...
[01:24.01] updating target process name to 'vulnserver.exe'
[01:24.01] updating stop commands to: ['wmic process where (name="vulnserver.exe") delete']
[01:24.01] updating start commands to: ['C:\\Temp\\vulnserver.exe 9999']
[01:24.01] debugger thread-1472837041 looking for process name: vulnserver.exe
[01:24.01] debugger thread-1472837041 found match on pid 1060
[01:24.06] debugger thread-1472837041 caught access violation: '[INVALID]:41414141 Unable to disassemble at 41414141 from thread 1904 caused access violation'
[01:24.06] debugger thread-1472837041 exiting
[01:24.06] debugger thread-1472837046 looking for process name: vulnserver.exe

Thanks!


1 answer

User
#1 · Posted 2024-09-30 14:17:57

TL;DR

The failed restart is the result of a series of bugs. Run pip install --upgrade boofuzz to get {a1} or later, or pull the latest code from {a2}.

Process monitor bug

The key problem is that the crash detected by the procmon was logged as info rather than as a failure, which means no restart was triggered. Fix PR.

Bug

This line:

socket.error: [Errno 10061] No connection could be made because the target machine actively refused it

suggests that the application under test has most likely crashed. Boofuzz should handle this instead of crashing itself. This issue is reported fixed.

Other process monitor bug

Note that in the process_monitor.py output line:

^{pr2}$

The process name is not set! The bug is at line 368 of process_monitor.py:

if opt in ("-p", "--proc_Name"): #oops!

It should be --proc_name, not --proc_Name!

This issue has been fixed in the latest code. But one workaround is to use the short name -p instead of --proc_name.
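As an added illustration of the option bug described above (example code written for this page, not boofuzz's own process_monitor.py), the function below parses the monitor's command line the way the old code did: getopt accepts --proc_name, but the comparison that stores the value is spelled --proc_Name, so the process name silently stays None; the short -p flag and the corrected spelling both work. The short option -p and the long option names come from the question; the log check simply looks for the "proc name: None" banner line that reveals the misconfiguration.

```python
import getopt

# Long options follow the process_monitor.py command line quoted in the question.
LONG_OPTS = ["crash_bin=", "proc_name=", "port=", "log_level="]


def parse_procmon_args(argv, fixed=False):
    """Parse process_monitor.py-style arguments into a settings dict.

    fixed=False reproduces the old behaviour: getopt recognises --proc_name,
    but the assignment compares against the misspelled "--proc_Name" and never
    matches. fixed=True uses the corrected comparison.
    """
    # Only -p has a documented short form on the page; the rest are long-only here.
    opts, _ = getopt.getopt(argv, "p:", LONG_OPTS)
    settings = {"crash_bin": None, "proc_name": None, "port": 26002, "log_level": 1}
    proc_name_flag = "--proc_name" if fixed else "--proc_Name"  # the typo
    for opt, arg in opts:
        if opt == "--crash_bin":
            settings["crash_bin"] = arg
        elif opt in ("-p", proc_name_flag):
            settings["proc_name"] = arg
        elif opt == "--port":
            settings["port"] = int(arg)
        elif opt == "--log_level":
            settings["log_level"] = int(arg)
    return settings


def proc_name_unset(log_text):
    """True when the monitor's start-up banner reports 'proc name: None',
    the symptom that points at the option bug before any fuzzing starts."""
    return any(line.split("proc name:")[-1].strip() == "None"
               for line in log_text.splitlines() if "proc name:" in line)


# Constructed sample input: the command line and banner line from the question.
ARGV = ["--crash_bin", "crash.bin", "--proc_name", "vulnserver.exe", "--port", "26002"]
BANNER = "[01:23.48]       proc name:   None"

if __name__ == "__main__":
    print(parse_procmon_args(ARGV)["proc_name"])               # None (bug)
    print(parse_procmon_args(ARGV, fixed=True)["proc_name"])   # vulnserver.exe
    print(parse_procmon_args(["-p", "vulnserver.exe"])["proc_name"])  # vulnserver.exe
    print(proc_name_unset(BANNER))                             # True
```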
