xiphosresearch / phuzz

Find exploitable PHP files by parameter fuzzing and function call tracing

License: Other

PHP 20.38% Python 78.43% Makefile 1.20%
php fuzzing xdebug strace exploitation dynamic-analysis

phuzz's Introduction

PHP Hardening Phuzzer

Phuzz uses feedback from Xdebug and strace to generate random and arbitrary input parameters for a PHP script and find code paths which lead to exploitation. It is primarily designed to scan for vulnerabilities in PHP scripts which are web accessible but not meant to be run directly.

Features

  • Detect input parameters, _GET, _POST, _REQUEST, _COOKIE and _FILES
  • Generate random input parameters
  • Find unique code paths
  • System call tracing with strace and dtruss, tested on Linux & OSX
  • PHP function call tracing, using Xdebug

TODO

  • Make it suck less
  • Analysis of collected Phuzz cases/traces, automatic exploit generation
  • dtrace and systemtap support

Example

The first request is made to analyse which inputs the script uses.

[Thu Sep  8 17:36:00 2016] 127.0.0.1:36996 [200]: /rce1.php

It then generates random values for the required parameters, and finds all the PHP and system calls that.

[Thu Sep  8 17:36:00 2016] 127.0.0.1:36998 [200]: /rce1.php?cmd=SWGAGI55
<webroot>/rce1.php
	 system ( 'SWGAGI55' )

syscalls:
	 stat ( "/usr/local/sbin/SWGAGI55", 0x7ffff9f76140 )
	 stat ( "/usr/local/bin/SWGAGI55", 0x7ffff9f76140 )
	 stat ( "/usr/sbin/SWGAGI55", 0x7ffff9f76140 )
	 stat ( "/usr/bin/SWGAGI55", 0x7ffff9f76140 )
	 stat ( "/sbin/SWGAGI55", 0x7ffff9f76140 )
	 stat ( "/bin/SWGAGI55", 0x7ffff9f76140 )
	 stat ( "/usr/games/SWGAGI55", 0x7ffff9f76140 )
	 stat ( "/usr/local/games/SWGAGI55", 0x7ffff9f76140 )
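
An added example, not part of phuzz, of triaging the output above: it reads the fuzzed parameter values from the request line and reports every PHP call or syscall whose arguments contain one of them. The line formats are taken from the sample output shown here; the `triage` function, the `SINKS` list and the severity labels are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample, shortened from the output format shown above.
SAMPLE = """\
[Thu Sep  8 17:36:00 2016] 127.0.0.1:36998 [200]: /rce1.php?cmd=SWGAGI55
<webroot>/rce1.php
\t system ( 'SWGAGI55' )

syscalls:
\t stat ( "/usr/local/sbin/SWGAGI55", 0x7ffff9f76140 )
\t stat ( "/bin/SWGAGI55", 0x7ffff9f76140 )
"""

# Assumption: a reviewer-chosen list of PHP functions worth flagging first.
SINKS = {"system", "exec", "passthru", "shell_exec", "popen", "proc_open",
         "eval", "include", "require", "unlink", "file_put_contents"}

REQ = re.compile(r"^\[.*?\] \S+ \[\d+\]: (\S+)$")   # request log line
CALL = re.compile(r"^\s+(\w+) \( (.*) \)$")         # indented "name ( args )"

def triage(report):
    """Return (section, call, parameter, severity) for each traced call
    whose arguments contain a fuzzed parameter value."""
    params, section, findings = {}, "php", []
    for line in report.splitlines():
        m = REQ.match(line)
        if m:  # new request: remember its fuzzed query parameters
            params = dict(parse_qsl(urlsplit(m.group(1)).query))
            section = "php"
            continue
        if line.strip() == "syscalls:":
            section = "syscall"
            continue
        m = CALL.match(line)
        if not m:
            continue
        name, args = m.groups()
        for key, value in params.items():
            # Skip very short values: they match by coincidence too often.
            if len(value) >= 4 and value in args:
                high = section == "php" and name in SINKS
                findings.append((section, name, key, "high" if high else "info"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A `high` finding means the request parameter reached a flagged PHP function unchanged; the `info` syscall entries corroborate that the value also reached the operating system.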

Installation

Debian / Ubuntu

sudo apt-get install php5.6-cli php-xdebug
pip install -r requirements.txt

sudo sh -c 'echo 0 > /proc/sys/kernel/yama/ptrace_scope'
python -mphuzz

OSX

brew install php56 php56-xdebug
pip install -r requirements.txt
python -mphuzz

Microsoft Windows (XP or above)

  • Click on Start button (bottom left hand corner of screen)
  • Click My Computer
  • Navigate to C:\Program Files (Intel X86 Architecture)\Microsoft Internet Explorer Professional Edition 2016\
  • Locate iexplore.exe, you may have to use the scroll bars
  • Click on it... twice, quickly!
  • Wait until new window opens up
  • Find the white bar with http://worldwideweb.msn.com/en-US/infestedmalwaresmegma.exe in it
  • Click the text, just once!
  • Press the Ctrl and A buttons on your keyboard, together, at the same time.
  • Type in www.google.com
  • Wait until your computer starts responding again
  • Type in Self immolation techniques for beginners
  • Press the Search button
  • Follow instructions until warm throughout

TL;DR any ideas on porting this to Win32 API?
