
marciopocebon / bbfuzzer


This project forked from johnhammond/bbfuzzer


Nightmare code I wrote and used for the Cyberstakes 2016 Breaking Binaries challenge. Managed to crack a good 200+ programs, though, more than any other team! This is the catalyst to a better utility: peach.

Shell 2.35% Python 97.65%

bbfuzzer's Introduction

2016 "Breaking Binaries" Fuzzer

This repository hosts the code that we, "objEEdump", used to try and render a segfault with multiple binaries during the Cyberstakes 2016 "Breaking Binaries" exercise.

At this point, the code is a disgusting nightmare and is daunting to look through and review, but it should be documented and stored nonetheless.

It managed to break over 200 binaries during the exercise, which is on average 50-70 more than the other competing teams!

File & Directory Information

  • original_smart.py

    This is the main code, the powerhouse Python script that does everything for the fuzzer. This is what the interested onlooker should look at and play with. It was named "smart" because that rendition keeps track of the binaries it has already cracked, and it does not loop through them when it moves on to a new attack. The attacks we tried to implement were a standard input overflow, command-line arguments up to eight repeating, integer bounds, and a theoretical command-line "options" attack that would try combinations of command-line arguments like -x or -a (etc.) to try and guess at program interaction. This ended up being too time-consuming, so I didn't use it for the actual competition (but I think the functionality is still there).

    The code tests for a segfault by looking for changes in dmesg output. Cheap, I know, but it works.

  • this_is_the_old_one.py

    This old rendition of the script did not compartmentalize the attacks into different functions, so it generated the "fuzz" for the fuzzing in a much dirtier way (on top of all the code already being pretty overbloated).

  • segfaults

    This directory hosts experimental code that was never actually implemented; the hope was to try and automate a buffer overflow attack and actually attempt to gain a shell. I ended up testing this with the Behemoth challenge of the Over the Wire wargames, but this made for a "one-trick pony" kind of solution (it was not readily replicable with other vulnerable buffer overflows). An automated buffer overflow would be a worthwhile thing to implement, if at any point someone wants to try again.

  • clean.sh

    This was a dirty bash script to kill any leftover processes and binaries that still happened to be running after execution.
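
The dmesg check described for original_smart.py can be swapped for the child's wait status, which ties a crash to the exact run that caused it. The following is an added example, not code from this repository; the stand-in target, its 64-byte threshold and the function names are constructed for the illustration.

```python
import signal
import subprocess
import sys

# Constructed stand-in for a target binary: it kills itself with SIGSEGV when
# stdin exceeds 64 bytes, imitating an overflowed fixed-size buffer.
STAND_IN_TARGET = [
    sys.executable, "-c",
    "import os, signal, sys\n"
    "data = sys.stdin.buffer.read()\n"
    "if len(data) > 64:\n"
    "    signal.signal(signal.SIGSEGV, signal.SIG_DFL)\n"
    "    os.kill(os.getpid(), signal.SIGSEGV)\n",
]


def crash_signal(argv, stdin_data=b"", timeout=5):
    """Run argv once; return the name of the fatal signal, or None."""
    try:
        proc = subprocess.run(argv, input=stdin_data,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return None  # a hang is not a crash; run() has already killed the child
    # On POSIX a return code of -N means the child was terminated by signal N.
    if proc.returncode < 0:
        return signal.Signals(-proc.returncode).name
    return None


def first_crashing_length(argv, max_len=4096):
    """Double the stdin length until the target dies on a signal."""
    length = 1
    while length <= max_len:
        sig = crash_signal(argv, b"A" * length)
        if sig is not None:
            return length, sig
        length *= 2
    return None, None


if __name__ == "__main__":
    print(first_crashing_length(STAND_IN_TARGET))
```

Unlike a dmesg diff, this needs no access to the kernel log and cannot confuse one process's crash with another's when several targets run at once.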

bbfuzzer's People

Contributors

johnhammond
