It uses feedback from xdebug and strace to generate random and arbitrary input parameters to a PHP script and find code paths which lead to exploitation. Primarily it's designed to scan for vulnerabilities in PHP scripts which are web accessible but not meant to be run directly.
The first request is made to analyse which inputs the script uses.
[Thu Sep 8 17:36:00 2016] 127.0.0.1:36996 [200]: /rce1.php
It then generates random values for the required parameters, and finds all the PHP and system calls that.
[Thu Sep 8 17:36:00 2016] 127.0.0.1:36998 [200]: /rce1.php?cmd=SWGAGI55
<webroot>/rce1.php
system ( 'SWGAGI55' )
syscalls:
stat ( "/usr/local/sbin/SWGAGI55", 0x7ffff9f76140 )
stat ( "/usr/local/bin/SWGAGI55", 0x7ffff9f76140 )
stat ( "/usr/sbin/SWGAGI55", 0x7ffff9f76140 )
stat ( "/usr/bin/SWGAGI55", 0x7ffff9f76140 )
stat ( "/sbin/SWGAGI55", 0x7ffff9f76140 )
stat ( "/bin/SWGAGI55", 0x7ffff9f76140 )
stat ( "/usr/games/SWGAGI55", 0x7ffff9f76140 )
stat ( "/usr/local/games/SWGAGI55", 0x7ffff9f76140 )
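The detection step implied by the trace above, written out as an added Python example (not phuzz's own code): the fuzzer injects a random marker, then scans the xdebug call list and the strace syscall list for that marker. A marker inside a shell-spawning PHP function is the finding, and the run of `stat()` calls on every PATH directory is the kernel-level confirmation that the shell tried to execute the value. The trace text is constructed to match the quoted output; the function names and sink list are this example's own assumptions.

```python
import random
import re
import string

# Constructed sample, shaped like the trace quoted above (not captured from the tool).
SAMPLE_TRACE = """\
<webroot>/rce1.php
system ( 'SWGAGI55' )
syscalls:
stat ( "/usr/local/sbin/SWGAGI55", 0x7ffff9f76140 )
stat ( "/usr/local/bin/SWGAGI55", 0x7ffff9f76140 )
stat ( "/bin/SWGAGI55", 0x7ffff9f76140 )
"""

# PHP functions that hand their argument to a shell (assumed sink list for this example).
PHP_SHELL_SINKS = {"system", "exec", "shell_exec", "passthru", "popen", "proc_open"}
CALL_RE = re.compile(r"^(?P<fn>\w+)\s*\(\s*(?P<args>.*?)\s*\)\s*$")

def make_marker(length=8, rng=random):
    """Random upper-case alphanumeric marker, like SWGAGI55 in the example run."""
    alphabet = string.ascii_uppercase + string.digits
    return "".join(rng.choice(alphabet) for _ in range(length))

def tainted_calls(trace, marker):
    """Yield (section, function, args) for each traced call whose args contain marker.
    Lines before 'syscalls:' are PHP calls (xdebug); lines after it are syscalls (strace)."""
    section = "php"
    for line in trace.splitlines():
        line = line.strip()
        if line == "syscalls:":
            section = "syscall"
            continue
        m = CALL_RE.match(line)
        if m and marker in m.group("args"):
            yield section, m.group("fn"), m.group("args")

def report(trace, marker):
    """Decide whether the marker reached a shell sink and whether strace confirms it."""
    hits = list(tainted_calls(trace, marker))
    shell_hits = [fn for sec, fn, _ in hits if sec == "php" and fn in PHP_SHELL_SINKS]
    # The shell resolving the marker against each PATH entry (stat on /usr/bin/<marker>, ...)
    # is the evidence that the injected value was actually run as a command.
    path_lookups = [a for sec, fn, a in hits if sec == "syscall" and fn == "stat"]
    verdict = "command injection" if shell_hits else ("taint only" if hits else "no taint")
    return {"shell_sinks": shell_hits, "path_lookups": len(path_lookups), "verdict": verdict}

if __name__ == "__main__":
    print(report(SAMPLE_TRACE, "SWGAGI55"))
```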
Debian/Ubuntu:

sudo apt-get install php5.6-cli php-xdebug
pip install -r requirements.txt
sudo sh -c 'echo 0 > /proc/sys/kernel/yama/ptrace_scope'
python -mphuzz

macOS (Homebrew):

brew install php56 php56-xdebug
pip install -r requirements.txt
python -mphuzz
Windows:

1. Start button (bottom left hand corner of screen)
2. My Computer
3. C:\Program Files (Intel X86 Architecture)\Microsoft Internet Explorer Professional Edition 2016\iexplore.exe, you may have to use the scroll bars
4. Enter http://worldwideweb.msn.com/en-US/infestedmalwaresmegma.exe in it
5. Ctrl and A buttons on your keyboard, together, at the same time.
6. www.google.com
7. Self immolation techniques for beginners
8. Search button

TL;DR any ideas on porting this to Win32 API?