Preface
The previous article recorded using AFL to fuzz a stack overflow vulnerability in tcpdump; this one records the detailed process of using AFL to fuzz gcc-compiled binaries, along with the pitfalls I hit.
AFL fuzzing in qemu_mode
Basic steps
// cd into the AFL source directory; the qemu_mode folder is there
cd qemu_mode
// It contains a script that automatically builds the qemu fuzzing environment
curits@curits-virtual-machine:~/Desktop/afl-fuzzing/afl-2.52b/qemu_mode$ ls -alh
drwxr-xr-x 5 curits curits 4.0K 1月 19 10:15 .
drwxr-xr-x 11 curits curits 4.0K 1月 19 10:23 ..
-rwxr-xr-x 1 curits curits 4.7K 1月 19 09:56 build_qemu_support.sh
drwxr-xr-x 2 curits curits 4.0K 1月 19 09:55 patches
// Running ./build_qemu_support.sh sets up the qemu fuzzing environment automatically
curits@curits-virtual-machine:~/Desktop/afl-fuzzing/afl-2.52b/qemu_mode$ ./build_qemu_support.sh
Reality is usually harsher than that, so here is a record of the pitfalls!!!
------------Error 1-------------
curits@curits-virtual-machine:~/Desktop/afl-fuzzing/afl-2.52b/qemu_mode$ ./build_qemu_support.sh
=================================================
AFL binary-only instrumentation QEMU build script
=================================================
[*] Performing basic sanity checks...
[-] Error: 'libtool' not found, please install first.
Following the principle of installing whatever is missing, I ran sudo apt-get install libtool, but the same error was still reported after the installation finished. According to a forum post, after installing libtool you also need to install libtool-bin; sudo apt-get install libtool-bin resolved this error.
// Fix
sudo apt-get install libtool
sudo apt-get install libtool-bin
------------Error 2-------------
curits@curits-virtual-machine:~/Desktop/afl-fuzzing/afl-2.52b/qemu_mode$ ./build_qemu_support.sh
=================================================
AFL binary-only instrumentation QEMU build script
=================================================
[*] Performing basic sanity checks...
[-] Error: devel version of 'glib2' not found, please install first
Searching online suggested that sudo apt-get install libgtk2.0-dev would fix it, but the installation reported a large number of dependency problems:
curits@curits-virtual-machine:~/Desktop/afl-fuzzing/afl-2.52b/qemu_mode$ sudo apt-get install libgtk2.0-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
gnupg : Breaks: software-properties-common (<= 0.96.24.3) but 0.96.20.8 is to be installed
libgtk2.0-dev : Depends: libglib2.0-dev (>= 2.27.3) but it is not going to be installed
Depends: libgdk-pixbuf2.0-dev (>= 2.21.0) but it is not going to be installed
Depends: libpango1.0-dev (>= 1.20) but it is not going to be installed
Depends: libatk1.0-dev (>= 1.29.2) but it is not going to be installed
Depends: libcairo2-dev (>= 1.6.4-6.1) but it is not going to be installed
Recommends: debhelper but it is not going to be installed
E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.
The cause is broken packages; after some googling, the fix is as follows:
sudo apt-get install aptitude
sudo aptitude install libgtk2.0-dev
------------Error 3-------------
util/memfd.c:40:12: error: static declaration of ‘memfd_create’ follows non-static declaration
static int memfd_create(const char *name, unsigned int flags)
^~~~~~~~~~~~
In file included from /usr/include/i386-linux-gnu/bits/mman-linux.h:115:0,
from /usr/include/i386-linux-gnu/bits/mman.h:45,
from /usr/include/i386-linux-gnu/sys/mman.h:41,
from /home/curits/Desktop/afl-fuzzing/afl-2.52b/qemu_mode/qemu-2.10.0/include/sysemu/os-posix.h:29,
from /home/curits/Desktop/afl-fuzzing/afl-2.52b/qemu_mode/qemu-2.10.0/include/qemu/osdep.h:104,
from util/memfd.c:28:
/usr/include/i386-linux-gnu/bits/mman-shared.h:46:5: note: previous declaration of ‘memfd_create’ was here
int memfd_create (const char *__name, unsigned int __flags) __THROW;
^~~~~~~~~~~~
/home/curits/Desktop/afl-fuzzing/afl-2.52b/qemu_mode/qemu-2.10.0/rules.mak:66: recipe for target 'util/memfd.o' failed
make: *** [util/memfd.o] Error 1
Compiling qemu fails because memfd_create conflicts with the function of the same name in glibc, so the source package needs to be patched:
cd ./qemu_mode/patches
vim memfd_create.diff
// Add the following patch and save
diff -ru qemu-2.10.0-clean/util/memfd.c qemu-2.10.0/util/memfd.c
--- qemu-2.10.0-clean/util/memfd.c 2018-11-20 18:11:00.170271506 +0100
+++ qemu-2.10.0/util/memfd.c 2018-11-20 18:11:13.398423613 +0100
@@ -37,7 +37,7 @@
#include <sys/syscall.h>
#include <asm/unistd.h>
-static int memfd_create(const char *name, unsigned int flags)
+int memfd_create(const char *name, unsigned int flags)
{
#ifdef __NR_memfd_create
return syscall(__NR_memfd_create, name, flags);
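Review bot: as rendered here this hunk will not apply with `patch -p1`: the header `@@ -37,7 +37,7 @@` promises seven old-side lines but only six are shown, the blank line between `#include <asm/unistd.h>` and the function definition is missing, and the unchanged context lines have lost the leading space that diff format requires. Take the patch text from the file it was generated from, or regenerate it with `diff -ru` against a clean `qemu-2.10.0-clean` tree as the first line shows, rather than copying it from this page. The change itself, dropping `static` so the definition no longer conflicts with the non-static prototype reported from glibc's mman-shared.h, is the minimal fix for the error above; note that it turns QEMU's wrapper (`return syscall(__NR_memfd_create, name, flags);` below) into a global symbol with the same name as glibc's, so it is worth a comment in the patch explaining why that is acceptable.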
// Edit build_qemu_support.sh so that it also applies the added patch
patch -p1 <../patches/elfload.diff || exit 1
patch -p1 <../patches/cpu-exec.diff || exit 1
patch -p1 <../patches/syscall.diff || exit 1
patch -p1 <../patches/memfd_create.diff || exit 1
// Re-run build_qemu_support.sh; the build now succeeds
[+] Build process successful!
[*] Copying binary...
-rwxrwxr-x 1 curits curits 8682792 1月 19 09:58 ../afl-qemu-trace
[+] Successfully created '../afl-qemu-trace'.
[*] Testing the build...
[+] Instrumentation tests passed.
[+] All set, you can now use the -Q mode in afl-fuzz!
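As an added example (my own code, not part of the original post or of AFL's scripts), the following POSIX shell helpers automate the two manual steps above. The first compiles a tiny probe against the host's <sys/mman.h> to see whether libc already declares memfd_create() (glibc 2.27 and later), which is exactly the situation that produces the "static declaration follows non-static declaration" error. The second adds the memfd_create.diff step to build_qemu_support.sh right after the syscall.diff line, and does nothing if it is already there, so running it twice is harmless. It assumes the patch file already exists at qemu_mode/patches/memfd_create.diff as described above; the function names and the CC variable are my own.

```shell
#!/bin/sh
# Added example, not from the original post. Helpers around "Error 3":
#  glibc_has_memfd_create  - returns 0 if the host libc headers declare
#                            memfd_create() (the case that clashes with
#                            qemu 2.10's private "static int memfd_create").
#  ensure_memfd_patch_step - appends the memfd_create.diff patch step to
#                            build_qemu_support.sh after the syscall.diff line,
#                            only once.

glibc_has_memfd_create() {
  dir=$(mktemp -d) || return 2
  cat > "$dir/probe.c" <<'EOF'
#define _GNU_SOURCE
#include <sys/mman.h>
/* Compiles only if <sys/mman.h> declares memfd_create(). */
int main(void) { return memfd_create("probe", 0) < 0; }
EOF
  # -Werror=implicit-function-declaration turns a missing prototype into a hard error.
  if ${CC:-cc} -Werror=implicit-function-declaration "$dir/probe.c" -o "$dir/probe" 2>/dev/null; then
    rm -rf "$dir"; return 0
  fi
  rm -rf "$dir"; return 1
}

# $1 = path to build_qemu_support.sh
ensure_memfd_patch_step() {
  script=$1
  step='patch -p1 <../patches/memfd_create.diff || exit 1'
  if grep -qF 'memfd_create.diff' "$script"; then
    return 0   # already present, nothing to do
  fi
  # Insert after the syscall.diff line, keeping the script's own "|| exit 1" style.
  # "a\" followed by a newline and the text is accepted by both GNU and BSD sed.
  sed -i.bak "/syscall.diff/a\\
$step" "$script" && rm -f "$script.bak"
}

# Demo: report whether the patch is needed on this host.
if glibc_has_memfd_create; then
  echo "libc declares memfd_create(): qemu 2.10 needs memfd_create.diff"
else
  echo "probe did not compile (older libc, or no C compiler): patch probably not needed"
fi
```

Run `ensure_memfd_patch_step ./build_qemu_support.sh` from the qemu_mode directory once the patch file is in place, then execute the build script as before.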
------------Error 4-------------
curits@curits-virtual-machine:~/Desktop/afl-fuzzing/zerotest$ afl-fuzz -i fuzz_in/ -o fuzz_out/ -Q ./vuln
afl-fuzz 2.52b by <lcamtuf@google.com>
[+] You have 2 CPU cores and 2 runnable tasks (utilization: 100%).
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[*] Checking core_pattern...
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning 'fuzz_in/'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Validating target binary...
[-] Oops, unable to find the 'afl-qemu-trace' binary. The binary must be built
separately by following the instructions in qemu_mode/README.qemu. If you
already have the binary installed, you may need to specify AFL_PATH in the
environment.
Of course, even without QEMU, afl-fuzz can still work with binaries that are
instrumented at compile time with afl-gcc. It is also possible to use it as a
traditional "dumb" fuzzer by specifying '-n' in the command line.
[-] PROGRAM ABORT : Failed to locate 'afl-qemu-trace'.
Location : get_qemu_argv(), afl-fuzz.c:7669
While fuzzing the gcc-compiled binary, afl-fuzz could not locate 'afl-qemu-trace'; the cause is that the script only produces the executable and does not install it.
// Fix
cd qemu-2.10.0
sudo make install
Successfully fuzzed the gcc-compiled binary!!!
References:
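To see in advance why afl-fuzz would report "Failed to locate 'afl-qemu-trace'", here is an added shell example (mine, not from the post or from AFL) that mirrors the lookup order of get_qemu_argv() in afl-fuzz.c 2.52b: $AFL_PATH/afl-qemu-trace when AFL_PATH is set (and nothing else is tried in that case), then the directory afl-fuzz was started from when it was invoked with a path, then the compiled-in BIN_PATH, which defaults to /usr/local/bin. The function name and its third parameter are my own for this illustration; whichever install step you use, a successful run of this check means afl-fuzz -Q will find the tracer.

```shell
#!/bin/sh
# Added example, not from the original post: reproduce how afl-fuzz 2.52b
# locates afl-qemu-trace (get_qemu_argv() in afl-fuzz.c) so the "Failed to
# locate 'afl-qemu-trace'" abort can be diagnosed before starting a session.
#
# $1 = path afl-fuzz was invoked as (its argv[0])
# $2 = value of AFL_PATH, or "" if unset
# $3 = BIN_PATH compiled into afl-fuzz (assumed default: /usr/local/bin)
# Prints the path that would be used and returns 0, or returns 1 like FATAL().
find_afl_qemu_trace() {
  own_loc=$1
  afl_path=$2
  bin_path=${3:-/usr/local/bin}

  if [ -n "$afl_path" ]; then
    # With AFL_PATH set, afl-fuzz checks only this location and aborts otherwise.
    if [ -x "$afl_path/afl-qemu-trace" ]; then
      echo "$afl_path/afl-qemu-trace"; return 0
    fi
    echo "AFL_PATH is set but $afl_path/afl-qemu-trace is not executable" >&2
    return 1
  fi

  # Second choice: the directory afl-fuzz itself lives in, if argv[0] had a '/'.
  case $own_loc in
    */*)
      dir=${own_loc%/*}
      if [ -x "$dir/afl-qemu-trace" ]; then
        echo "$dir/afl-qemu-trace"; return 0
      fi ;;
  esac

  # Last choice: the BIN_PATH baked in at AFL build time.
  if [ -x "$bin_path/afl-qemu-trace" ]; then
    echo "$bin_path/afl-qemu-trace"; return 0
  fi

  echo "afl-qemu-trace not found: build it in qemu_mode, install it, or export AFL_PATH" >&2
  return 1
}

# Demo against the real environment; the exit status is what afl-fuzz -Q would see.
find_afl_qemu_trace "$(command -v afl-fuzz || echo afl-fuzz)" "${AFL_PATH:-}" || true
```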
https://blog.csdn.net/qq_38081870/article/details/104380070
https://stackoverflow.com/questions/42738525/i-am-trying-to-install-libgtk2-0-dev-on-ubuntu-14-but-getting-some-error
https://blog.csdn.net/liyihao17/article/details/109981662