shellphish / fuzzer

A Python interface to AFL, allowing for easy injection of testcases and other functionality.
BSD 2-Clause "Simplified" License
641 stars 130 forks

[Question] Installation steps #41

Open marekzmyslowski opened 5 years ago

marekzmyslowski commented 5 years ago

Hello,

I'm trying to install the fuzzer (with all the dependencies) in a Docker container, but with every installation method I'm facing different problems. Are there any instructions on how to install it, or a Dockerfile that works? Regards, Marek

zardus commented 5 years ago

Please check out the shellphish/mechaphish docker image. It has everything installed.


marekzmyslowski commented 5 years ago

I used the simple example from https://blog.grimm-co.com/post/guided-fuzzing-with-driller/. I tried to run shellphuzz and a simple driller example (from the git page) and I got the following results:

angr) angr@6c6ee3610022:~$ python drill.py
WARNING | 2019-03-21 05:53:46,233 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
WARNING | 2019-03-21 05:53:48,362 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
WARNING | 2019-03-21 05:53:50,016 | angr.state_plugins.symbolic_memory | The program is accessing memory or registers with an unspecified value. This could indicate unwanted behavior.
WARNING | 2019-03-21 05:53:50,017 | angr.state_plugins.symbolic_memory | angr will cope with this by generating an unconstrained symbolic variable and continuing. You can resolve this by:
WARNING | 2019-03-21 05:53:50,017 | angr.state_plugins.symbolic_memory | 1) setting a value to the initial state
WARNING | 2019-03-21 05:53:50,018 | angr.state_plugins.symbolic_memory | 2) adding the state option ZERO_FILL_UNCONSTRAINED_{MEMORY,REGISTERS}, to make unknown regions hold null
WARNING | 2019-03-21 05:53:50,018 | angr.state_plugins.symbolic_memory | 3) adding the state option SYMBOL_FILL_UNCONSTRAINED_{MEMORY_REGISTERS}, to suppress these messages.
WARNING | 2019-03-21 05:53:50,018 | angr.state_plugins.symbolic_memory | Filling register r13 with 8 unconstrained bytes referenced from 0x1021920 (__libc_init_first+0x10 in libc.so.6 (0x21920))
WARNING | 2019-03-21 05:53:50,022 | angr.state_plugins.symbolic_memory | Filling register r12 with 8 unconstrained bytes referenced from 0x1021922 (__libc_init_first+0x12 in libc.so.6 (0x21922))
WARNING | 2019-03-21 05:53:50,026 | angr.state_plugins.symbolic_memory | Filling register rbx with 8 unconstrained bytes referenced from 0x1021928 (__libc_init_first+0x18 in libc.so.6 (0x21928))
WARNING | 2019-03-21 05:53:50,195 | angr.state_plugins.symbolic_memory | Filling register cc_ndep with 8 unconstrained bytes referenced from 0x10219e6 (__libc_init_first+0xd6 in libc.so.6 (0x219e6))
WARNING | 2019-03-21 05:53:50,508 | angr.state_plugins.symbolic_memory | Filling register r15 with 8 unconstrained bytes referenced from 0x1021470 (PLT.free+0x1a8 in libc.so.6 (0x21470))
WARNING | 2019-03-21 05:53:50,511 | angr.state_plugins.symbolic_memory | Filling register r14 with 8 unconstrained bytes referenced from 0x1021472 (PLT.free+0x1aa in libc.so.6 (0x21472))
WARNING | 2019-03-21 05:53:51,527 | angr.state_plugins.symbolic_memory | Filling memory at 0x0 with 4 unconstrained bytes referenced from 0x400777 (main+0x7d in buggy (0x777))
Traceback (most recent call last):
  File "drill.py", line 8, in <module>
    new_inputs = d.drill()
  File "/home/angr/angr-dev/driller/driller/driller_main.py", line 85, in drill
    list(self._drill_input())
  File "/home/angr/angr-dev/driller/driller/driller_main.py", line 141, in _drill_input
    simgr.step()
  File "/home/angr/angr-dev/angr/angr/misc/hookset.py", line 75, in __call__
    result = current_hook(self.func.__self__, *args, **kwargs)
  File "/home/angr/angr-dev/angr/angr/exploration_techniques/driller_core.py", line 39, in step
    simgr.step(stash=stash, **kwargs)
  File "/home/angr/angr-dev/angr/angr/misc/hookset.py", line 75, in __call__
    result = current_hook(self.func.__self__, *args, **kwargs)
  File "/home/angr/angr-dev/angr/angr/exploration_techniques/tracer.py", line 115, in step
    return simgr.step(stash=stash, **kwargs)
  File "/home/angr/angr-dev/angr/angr/misc/hookset.py", line 80, in __call__
    return self.func(*args, **kwargs)
  File "/home/angr/angr-dev/angr/angr/sim_manager.py", line 343, in step
    successors = self.step_state(state, successor_func=successor_func, **run_args)
  File "/home/angr/angr-dev/angr/angr/misc/hookset.py", line 75, in __call__
    result = current_hook(self.func.__self__, *args, **kwargs)
  File "/home/angr/angr-dev/angr/angr/exploration_techniques/tracer.py", line 135, in step_state
    raise Exception("All states disappeared!")
Exception: All states disappeared!