Comments (2)
Techno-Fox
commented on June 22, 2024
Just to make sure. I tested this with AFL. Went throught the crashes using afl-collect (part of afl-utils), and found a heap error (which is exploitable).
afl-collect 1.33a by rc0r [email protected] # @_rc0r
Crash sample collection and processing utility for afl-fuzz.
[] Going to collect crash samples from '/home/kittytechno/fuzzing/pdfcrack/out_afl'.
[!] Table 'Data' not found in existing database!
[] Creating new table 'Data' in database '/home/kittytechno/fuzzing/pdfcrack/crashes.db' to store data!
[] Found 1 fuzzers, collecting crash samples.
[] Successfully indexed 6 crash samples.
[] Saving invalid sample info to database.
[!] Removed 0 invalid crash samples from index.
[!] Removed 0 timed out samples from index.
[] Generating intermediate gdb+exploitable script '/home/kittytechno/fuzzing/pdfcrack/collection_dir/gdb_script.0' for 1 samples...
[] Generating intermediate gdb+exploitable script '/home/kittytechno/fuzzing/pdfcrack/collection_dir/gdb_script.1' for 1 samples...
[] Generating intermediate gdb+exploitable script '/home/kittytechno/fuzzing/pdfcrack/collection_dir/gdb_script.2' for 1 samples...
[] Generating intermediate gdb+exploitable script '/home/kittytechno/fuzzing/pdfcrack/collection_dir/gdb_script.3' for 1 samples...
[] Generating intermediate gdb+exploitable script '/home/kittytechno/fuzzing/pdfcrack/collection_dir/gdb_script.4' for 1 samples...
[] Generating intermediate gdb+exploitable script '/home/kittytechno/fuzzing/pdfcrack/collection_dir/gdb_script.5' for 1 samples...
[] Generating intermediate gdb+exploitable script '/home/kittytechno/fuzzing/pdfcrack/collection_dir/gdb_script.6' for 0 samples...
[] Generating intermediate gdb+exploitable script '/home/kittytechno/fuzzing/pdfcrack/collection_dir/gdb_script.7' for 0 samples...
[] Executing gdb+exploitable script 'gdb_script.0'...
[] Executing gdb+exploitable script 'gdb_script.1'...
[] Executing gdb+exploitable script 'gdb_script.2'...
[] Executing gdb+exploitable script 'gdb_script.3'...
[] Executing gdb+exploitable script 'gdb_script.4'...
[] Executing gdb+exploitable script 'gdb_script.5'...
[] Executing gdb+exploitable script 'gdb_script.6'...
[*] Executing gdb+exploitable script 'gdb_script.7'...
*** GDB+EXPLOITABLE SCRIPT OUTPUT ***
[00001] out_afl
[00002] out_afl
[00003] out_afl
[00004] out_afl
[00005] out_afl
[00006] out_afl
[] Saving sample classification info to database.
[!] Removed 3 duplicate samples from index. Will continue with 3 remaining samples.
[!] Removed 0 uninteresting crash samples from index.
[] Generating final gdb+exploitable script '/home/kittytechno/fuzzing/pdfcrack/collection_dir/gdb_script' for 3 samples...
[*] Copying 3 samples into output directory...
from manul.
Techno-Fox
commented on June 22, 2024
Any reports?
from manul.
Related Issues (20)
- AttributeError: 'ModuleNotFoundError' object has no attribute 'message'
- ModuleNotFoundError: No module named 'adamsa' HOT 2
- Suggest : Stdin option (Like afl) HOT 2
- Suggest : verbose option HOT 3
- Windows test32/64 DR client crash
- windows issues HOT 4
- Add Radamsa as a library HOT 1
- It seems afl mutator never grows a buffer HOT 14
- It seems manul afl new path not increase on windows, but winafl can detected more path for same exe HOT 14
- Manul reports exception instead of crash in forkmode
- Integrate manul with FuzzBench HOT 1
- Add/test support of __afl_persistent_loop
- test_network.exe fuzzing config?
- Problem with crash detection in the fuzzstati0n/fuzzgoat project? HOT 2
- Performance manul vs afl++ HOT 1
- real path of input file HOT 7
- [Linux] Some python bugs (with fix) in dbi driver
- [linux] dbi mode doesn't work (as expected) HOT 1
- FileNotFoundError: [Errno 2] No such file or directory: 'manul.config'
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from manul.