OpenRCE / sulley

A pure-python fully automated and unattended fuzzing framework.
GNU General Public License v2.0

Sulley does not capture any bytes to pcap files #64

Open PolymathMonkey opened 9 years ago

PolymathMonkey commented 9 years ago

Hi,

I have this specific problem happening on one of my lab environment machines. First of all I did the Sulley installation like the wiki page suggested, and network_monitor.py and process_monitor.py also work fine. But when I come to the point where I want to do some test fuzzes to see if it works, Sulley claims something like "stopped PCAP thread, snagged 0 bytes of data". But on the other side, on the second test machine, the scripts run perfectly and the network traffic gets written to the pcap files. If this is not really an issue, please just close this ticket. Thanks in advance.

Kind regards,

Monkey

Fitblip commented 9 years ago

Hey there,

Can you give me some more info on your setup, and some debug messages?

Thanks!

PolymathMonkey commented 9 years ago

Hi there,

of course I can provide more details. I tried to keep as close to the wiki page as possible for setting up on a Windows box. So this is what I am actually trying to run (in random order):

For the setup I am running, it is just a WinXP SP3 Ger. in a virtual machine running on a KVM. The VM has got about 512 MB of RAM and the CPU has 3.3 GHz. For the application I want to test I used a vulnserver fuzzer I found on:

http://resources.infosecinstitute.com/fuzzing-vulnserver-with-sulley-part-3/

I hope this information helps to fix this issue. If I can give you any other information, just tell me. I will try to provide it as soon as I can. Thanks in advance.

Kind regards,

PolymathMonkey

Fitblip commented 9 years ago

Are you attempting to fuzz it locally (sulley and the vulnerable program on the same computer)?

PolymathMonkey commented 9 years ago

Yes to that, but I also tried to let the network_monitor run on the Linux host system. But with no success: when I run the nwmon on Linux it only does one capture and then stops iterating.

Fitblip commented 9 years ago

Yeah, this is a known issue :( The Windows TCP stack won't let you intercept traffic it's routing to a local interface (for some really dumb reason).

I'd recommend either setting up 2 VMs and fuzzing one to the other, or following some advice here -> http://wiki.wireshark.org/CaptureSetup/Loopback

Moving forward I'm actually axing the pcap-to-get-your-payload model as it's pretty silly, plus it doesn't work on things like SSL (even if you can capture traffic), so this shouldn't be an issue.
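
The "snagged 0 bytes of data" symptom from the first post only shows up in the monitor's console log; the pcap files themselves are still written, just with a global header and no packet records. The following is an added example, not code from the sulley project or from anyone in this thread: a Python 3 post-run check that parses every .pcap in the monitor's audit directory and lists the ones holding zero packets, so a loopback capture setup that silently records nothing is caught after a short smoke test rather than after hours of fuzzing. The `audit/<test case>.pcap` layout, the function names and the constructed sample files are assumptions.

```python
"""Flag empty pcap captures in a Sulley-style audit directory.

Added example, not part of the sulley project. Assumes the network monitor
writes one libpcap file per test case into an audit directory; the file
names and layout are an assumption.
"""
import os
import struct

# libpcap global-header magic numbers, mapped to the struct byte-order prefix.
# Both the microsecond and the nanosecond timestamp variants are accepted.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, usec timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, usec timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nsec timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nsec timestamps
}
GLOBAL_HEADER_LEN = 24   # magic(4) + version(2+2) + thiszone(4) + sigfigs(4) + snaplen(4) + linktype(4)
RECORD_HEADER_LEN = 16   # ts_sec(4) + ts_frac(4) + incl_len(4) + orig_len(4)


def parse_pcap(data):
    """Return (packet_count, captured_bytes) for an in-memory libpcap file.

    Raises ValueError on an unknown magic or a truncated record, so a corrupt
    file is reported differently from a legitimately empty one.
    """
    if len(data) < GLOBAL_HEADER_LEN:
        raise ValueError("file shorter than the pcap global header")
    endian = PCAP_MAGICS.get(data[:4])
    if endian is None:
        raise ValueError("unknown pcap magic %r" % data[:4])
    packets, captured = 0, 0
    offset = GLOBAL_HEADER_LEN
    while offset < len(data):
        if offset + RECORD_HEADER_LEN > len(data):
            raise ValueError("truncated record header at offset %d" % offset)
        # incl_len is the number of bytes actually saved for this packet.
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + RECORD_HEADER_LEN])
        offset += RECORD_HEADER_LEN
        if offset + incl_len > len(data):
            raise ValueError("truncated packet data at offset %d" % offset)
        offset += incl_len
        packets += 1
        captured += incl_len
    return packets, captured


def empty_captures(files):
    """Given a mapping of file name -> file bytes, return the sorted names of
    .pcap files that contain no packet records. Non-pcap names are ignored."""
    empty = []
    for name in sorted(files):
        if not name.endswith(".pcap"):
            continue
        packets, _ = parse_pcap(files[name])
        if packets == 0:
            empty.append(name)
    return empty


def find_empty_captures(audit_dir):
    """Read every .pcap in audit_dir from disk and report the empty ones."""
    files = {}
    for name in os.listdir(audit_dir):
        if name.endswith(".pcap"):
            with open(os.path.join(audit_dir, name), "rb") as fh:
                files[name] = fh.read()
    return empty_captures(files)


def build_pcap(packets, endian="<"):
    """Build a minimal libpcap file in memory; used only to construct sample input."""
    magic = b"\xd4\xc3\xb2\xa1" if endian == "<" else b"\xa1\xb2\xc3\xd4"
    # version 2.4, thiszone 0, sigfigs 0, snaplen 65535, linktype 1 (Ethernet)
    out = magic + struct.pack(endian + "HHiIII", 2, 4, 0, 0, 65535, 1)
    for i, payload in enumerate(packets):
        out += struct.pack(endian + "IIII", 1000 + i, 0, len(payload), len(payload)) + payload
    return out


if __name__ == "__main__":
    # Constructed sample: one capture that saw nothing, one that saw two frames.
    sample = {
        "1.pcap": build_pcap([]),
        "2.pcap": build_pcap([b"\x00" * 60, b"\x01" * 14]),
        "notes.txt": b"ignored",
    }
    print("empty captures:", empty_captures(sample))
```

Run it against a real session with `find_empty_captures("audit")` after a handful of test cases; if every file comes back empty while the target is demonstrably receiving the fuzz traffic, the capture device or filter is the problem, not the fuzzer.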

PolymathMonkey commented 9 years ago

Okay, thanks. I will try your suggestions and then I will give you some feedback :)

Fitblip commented 9 years ago

Sweet! Let me know :)

nixawk commented 8 years ago

@PolymathMonkey @Fitblip Have you solved the problem? Sulley failed to log cap files.

```
root@lab:~/sulley# uname -a
Linux lab 4.3.0-kali1-686-pae #1 SMP Debian 4.3.5-1kali1 (2016-02-11) i686 GNU/Linux
root@lab:~/sulley# python network_monitor.py -d 0 -f "port 21" -P audit
[10:07.06] Network Monitor PED-RPC server initialized:
[10:07.06]   device:    eth0
[10:07.06]   filter:    port 21
[10:07.06]   log path:  audit
[10:07.06]   log_level: 1
[10:07.06] Awaiting requests...
[10:07.19] initializing capture for test case #3
Warning: Kernel filter failed: Bad file descriptor
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 754, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/root/sulley/sulley/pedrpc.py", line 299, in serve_forever
    ret = method_pointer(*args, **kwargs)
  File "network_monitor.py", line 178, in pre_send
    self.pcap.setfilter(self.filter)
PcapError: can't remove kernel filter: Bad file descriptor
```

nixawk commented 8 years ago

#39 network_monitor broken in linux

PolymathMonkey commented 8 years ago

@all3g check the link @Fitblip posted. It explains the problem pretty well; basically you have to do the sniffing from a virtual LAN or similar, because sniffing from loopback in Windows was a pain in the ass.

Fitblip commented 8 years ago

Yup, @PolymathMonkey is correct. Sniffing locally has always been an issue due to how the networking stacks work in each platform.

@all3g your issue seems like it might actually be a configuration issue with VMWare though. Some cursory googling of your issue led me to this -> https://communities.bmc.com/message/606551

nixawk commented 8 years ago

Thanks @PolymathMonkey @Fitblip . It works.