Pupils exploit software vulnerabilities with EasyFuzzer 1.0

Source: Internet
Author: User

EasyFuzzer is a new fuzz testing tool. Currently only file-format fuzzing is supported.

Features: easy, streamlined, efficient, intelligent and powerful.
Easy: it is very easy to use and needs no configuration; even a primary-school pupil can find vulnerabilities with it, and you never need to worry about 0-days again.
Streamlined: for compactness and speed the software is written entirely in assembly language, with the useless functions of earlier fuzzers dropped. It is green software (no installation required).
Efficient: extremely fast because it is written in assembly, and it supports multi-threaded fuzzing.
Intelligent: supports ignoring exceptions.
Powerful: supports smart fuzzing to find vulnerabilities in complex file formats.

Download:

Download screen recording tool Sdemo2.0

Instructions for use:

Template file: select a normal file; the variant samples are generated from it.

Target path: directory where the variant samples are stored. Make sure the path exists before selecting it.

Suffix: the file extension given to the samples.

Host program: path of the program to be tested.

Mining process:

1. Generate samples.

2. Fuzz the host program with the generated sample files.

Next we introduce the options window.

The options window includes some advanced options.

Exception log: the log file that stores exception information. Make sure the path exists before selecting it.

Run time: the lifetime of each sample. The right value depends on the performance of the computer and on the test target (browsers, players, image viewers). If the value is too large, fuzzing efficiency drops and time is wasted; if it is too small, the test fails.

Enabling rate: the interval at which each new fuzzing thread is started.

Fuzzing efficiency can be greatly improved by setting the run time and the enabling rate sensibly.

If the run time is four times the enabling rate, roughly four instances of the target are running at any moment.

Engine 1: suited to small-file vulnerabilities; mainly used to find integer overflows. Lower efficiency but wide coverage.

Engine 2: used for large-file vulnerabilities (files of at least 1 KB); mainly used to find buffer overflows.

More engines are under development.

Ignore exceptions: this option is used to handle false positives; it is not discussed here.

More functions are under development. Next we use the tool to fuzz the Sdemo video tool.

Prepare a normal .smv video sample in advance.

We select Engine 2 to generate malformed samples.

Click Generate file.

Generation completes a few seconds later.

Open the folder: a large number of samples have been generated.

Click Fuzzing.

The program is now fuzzing under high load with multiple threads.

I have already found some. For lack of time, I ended the fuzzing early.

In the exception log, we find that sample No. 687 triggered an exception.

Manual verification confirms the exception.

In fact, this is a buffer overflow vulnerability.
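The workflow above (template file, target path, suffix, host program, run time, two mutation engines, exception log) is what any mutation-based file fuzzer does. The following Python harness is an added illustration of that workflow, not EasyFuzzer's own code: the two `mutate_engine*` functions are my own approximations of the engine descriptions, `host_cmd` is the program under test plus any arguments, and `run_time` is the per-sample timeout. The template is assumed to be non-empty.

```python
import random
import subprocess
from pathlib import Path
BOUNDARY = [b"\x00", b"\x7f", b"\x80", b"\xff", b"\xff\xff", b"\xff\x7f",
            b"\x00\x00\x00\x80", b"\xff\xff\xff\x7f", b"\xff\xff\xff\xff"]

def mutate_engine1(data, rng):
    """Engine 1 analogue: overwrite 1-4 small fields with integer boundary values."""
    out = bytearray(data)
    for _ in range(rng.randint(1, 4)):
        val = rng.choice(BOUNDARY)
        pos = rng.randrange(max(1, len(out) - len(val) + 1))
        out[pos:pos + len(val)] = val
    return bytes(out)  # same length as the template

def mutate_engine2(data, rng):
    """Engine 2 analogue: insert or overwrite a long run of one byte (length bugs)."""
    out = bytearray(data)
    pos = rng.randrange(len(out))
    filler = bytes([rng.randrange(256)]) * rng.randint(64, 4096)
    if rng.random() < 0.5:
        out[pos:pos] = filler  # insert: file grows past its declared sizes
    else:
        out[pos:pos + len(filler)] = filler  # overwrite, may extend past the end
    return bytes(out)  # never shorter than the template

def generate_samples(template, target_dir, suffix, count, engine=2, seed=0):
    """Write count variants to target_dir/NNNN<suffix>; seeded so runs repeat."""
    rng = random.Random(seed)
    data = Path(template).read_bytes()
    mutate = mutate_engine1 if engine == 1 else mutate_engine2
    target_dir = Path(target_dir)
    target_dir.mkdir(parents=True, exist_ok=True)
    paths = []
    for i in range(count):
        path = target_dir / f"{i:04d}{suffix}"
        path.write_bytes(mutate(data, rng))
        paths.append(path)
    return paths

def run_sample(host_cmd, sample, run_time):
    """Open one sample with the host program: returns 'ok', 'crash' or 'timeout'."""
    try:
        proc = subprocess.run(list(host_cmd) + [str(sample)], timeout=run_time,
                              capture_output=True)
    except subprocess.TimeoutExpired:
        return "timeout"  # still running after run_time seconds: killed
    # POSIX: negative code = killed by a signal; Windows: NTSTATUS >= 0xC0000000
    return "crash" if proc.returncode < 0 or proc.returncode >= 0xC0000000 else "ok"
```

A fuzzing loop calls `run_sample` on each path returned by `generate_samples` and appends the names of samples that return "crash" to the exception log, which is what the "sample No. 687" entry above corresponds to.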
