fuzzing-101-solutions

Companion repository to the Fuzzing101 with LibAFL series of blog posts.

Tags are sync'd with blog post releases and can be used to view the repo in the same state as any particular blog post.

Overview

In August 2021, Twitter user Antonio Morales created the Fuzzing101 repository: a set of exercises and solutions meant to teach the basics of fuzzing to anyone who wants to learn how to find vulnerabilities in real software projects. That repo focuses on AFL++ usage; this repository solves the same exercises using LibAFL instead. We'll explore the library and write fuzzers in Rust that solve the challenges in a way that closely aligns with the suggested AFL++ usage.

Comments
  • Can't find crashes in exercise one.

    Hello. I'm following your code to solve exercise one with LibAFL (version 0.8.1). I found in your blog that you used 10 mins to generate 600+ inputs, but my corpus grows slowly once its size reaches 140, and I can't find any timeout in hours. I don't know where the problem is. Can anyone help me? OS: Ubuntu 20.04 on VMware. (Attachments: main(rs format).txt, image)

    opened by lentikr 2
  • Error when running `cargo make build`

    I'm using WSL running Ubuntu 18.04; here are the steps I ran:

    git clone https://github.com/epi052/fuzzing-101-solutions.git
    cd ./fuzzing-101-solutions
    git clone https://github.com/AFLplusplus/LibAFL.git
    cd ./LibAFL && git checkout c7512fceecfc222e0618a5c7ac1a29a3fcfeeb16
    cd ../
    cargo make build -vvvv
    

    Here is my first Error:

    error: failed to select a version for `libafl_qemu`.
        ... required by package `exercise-4 v0.1.0 (/home/xxx/fuzzing-101-solutions/exercise-4)`
    versions that meet the requirements `*` are: 0.6.1
    
    the package `exercise-4` depends on `libafl_qemu`, with features: `aarch64` but `libafl_qemu` does not have these features.
    
    
    failed to select a version for `libafl_qemu` which could resolve this conflict
    [cargo-make][1] ERROR - Error while executing command, exit code: 101
    [cargo-make][1] WARN - Build Failed.
    [cargo-make] ERROR - Error while running duckscript: Source: Unknown Line: 4 - Error while executing command, exit code: 1
    [cargo-make] WARN - Build Failed.
    

    It seems that something goes wrong with exercise-4, so I removed exercise-4, modified Cargo.toml and reran `cargo make build -vvvv`; here is another error:

    error: failed to run custom build command for `libafl_cc v0.6.1 (/home/xxx/fuzzing-101-solutions/LibAFL/libafl_cc)`
    
    Caused by:
      process didn't exit successfully: `/home/xxx/fuzzing-101-solutions/target/debug/build/libafl_cc-8d0629ba95313f54/build-script-build` (exit status: 101)
      --- stdout
      cargo:rerun-if-changed=src/cmplog-routines-pass.cc
    
      --- stderr
      thread 'main' panicked at 'Failed to compile cmplog-routines-pass.cc: Os { code: 2, kind: NotFound, message: "No such file or directory" }', LibAFL/libafl_cc/build.rs:120:14
      stack backtrace:
         0:     0x558e4ec8a17c - std::backtrace_rs::backtrace::libunwind::trace::h91c465e73bf6c785
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/../../backtrace/src/backtrace/libunwind.rs:93:5
         1:     0x558e4ec8a17c - std::backtrace_rs::backtrace::trace_unsynchronized::hae9da36f5d58b5f3
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
         2:     0x558e4ec8a17c - std::sys_common::backtrace::_print_fmt::h7f499fa126a7effb
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/sys_common/backtrace.rs:67:5
         3:     0x558e4ec8a17c - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::h3e2b509ce2ce6007
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/sys_common/backtrace.rs:46:22
         4:     0x558e4ecaa4ac - core::fmt::write::h753c7571fa063ecb
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/core/src/fmt/mod.rs:1168:17
         5:     0x558e4ec85b73 - std::io::Write::write_fmt::h2815c0519c99ba09
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/io/mod.rs:1660:15
         6:     0x558e4ec8c1b2 - std::sys_common::backtrace::_print::h64941a6fc8b0ed9b
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/sys_common/backtrace.rs:49:5
         7:     0x558e4ec8c1b2 - std::sys_common::backtrace::print::hcf25e43e1a9b0766
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/sys_common/backtrace.rs:36:9
         8:     0x558e4ec8c1b2 - std::panicking::default_hook::{{closure}}::h78d3e6cf97fc623d
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/panicking.rs:211:50
         9:     0x558e4ec8bd95 - std::panicking::default_hook::hda898f8d3ad1a5ae
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/panicking.rs:228:9
        10:     0x558e4ec8c803 - std::panicking::rust_panic_with_hook::h1a5ea2d6c23051aa
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/panicking.rs:606:17
        11:     0x558e4ec8c520 - std::panicking::begin_panic_handler::{{closure}}::h07f549390938b73f
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/panicking.rs:502:13
        12:     0x558e4ec8a624 - std::sys_common::backtrace::__rust_end_short_backtrace::h5ec3758a92cfb00d
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/sys_common/backtrace.rs:139:18
        13:     0x558e4ec8c259 - rust_begin_unwind
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/panicking.rs:498:5
        14:     0x558e4ec61b31 - core::panicking::panic_fmt::h3a79a6a99affe1d5
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/core/src/panicking.rs:116:14
        15:     0x558e4ec61bc3 - core::result::unwrap_failed::ha0327e3803285d6e
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/core/src/result.rs:1690:5
        16:     0x558e4ec6510f - core::result::Result<T,E>::expect::h4634d67f516a8cc7
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/core/src/result.rs:975:23
        17:     0x558e4ec6e8df - build_script_build::main::hcb8b0a65b7d715c2
                                     at /home/xxx/fuzzing-101-solutions/LibAFL/libafl_cc/build.rs:113:17
        18:     0x558e4ec65a9b - core::ops::function::FnOnce::call_once::h273731cd8fd72b28
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/core/src/ops/function.rs:227:5
        19:     0x558e4ec6914e - std::sys_common::backtrace::__rust_begin_short_backtrace::hdda2d00a6eb300db
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/sys_common/backtrace.rs:123:18
        20:     0x558e4ec67811 - std::rt::lang_start::{{closure}}::h125c2ad1bbaceb9a
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/rt.rs:145:18
        21:     0x558e4ec89830 - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::h443f738a8e9f947a
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/core/src/ops/function.rs:259:13
        22:     0x558e4ec89830 - std::panicking::try::do_call::h1e21ba261ba489ec
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/panicking.rs:406:40
        23:     0x558e4ec89830 - std::panicking::try::h6afd48af8b6c96ac
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/panicking.rs:370:19
        24:     0x558e4ec89830 - std::panic::catch_unwind::h85dd95e0bab7fb60
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/panic.rs:133:14
        25:     0x558e4ec89830 - std::rt::lang_start_internal::{{closure}}::h038455e697c8b03e
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/rt.rs:128:48
        26:     0x558e4ec89830 - std::panicking::try::do_call::h6b0ad65979f3077a
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/panicking.rs:406:40
        27:     0x558e4ec89830 - std::panicking::try::h010108d314169ac6
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/panicking.rs:370:19
        28:     0x558e4ec89830 - std::panic::catch_unwind::hff397f912b1535c2
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/panic.rs:133:14
        29:     0x558e4ec89830 - std::rt::lang_start_internal::h52e73755f77c7dd9
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/rt.rs:128:20
        30:     0x558e4ec677e0 - std::rt::lang_start::h8fd9dc50bdbfffee
                                     at /rustc/9d1b2106e23b1abd32fce1f17267604a5102f57a/library/std/src/rt.rs:144:17
        31:     0x558e4ec6f4ac - main
        32:     0x7f4a5144dbf7 - __libc_start_main
        33:     0x558e4ec6222a - _start
        34:                0x0 - <unknown>
    warning: build failed, waiting for other jobs to finish...
    error: build failed
    [cargo-make][1] ERROR - Error while executing command, exit code: 101
    [cargo-make][1] WARN - Build Failed.
    [cargo-make] ERROR - Error while running duckscript: Source: Unknown Line: 4 - Error while executing the command, exit code: 1
    [cargo-make] WARN - Build Failed.
    

    Did I miss some details? I suggest that introducing CI/CD (GitHub Actions) could help with the correctness check.

    opened by syheliel 1
  • compiler: use current_exe to locate libexerciseone

    The current_dir will be different from the exe path if the compiler is called from another path. This causes errors when we configure xpdf in exercise one. So we are changing it to current_exe and removing the manual cp in Makefile.toml.

    opened by poemonsense 1
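The lookup change described in the pull request above, as an added example written for this page (it is not the repository's own compiler wrapper code): `lib_path_from_cwd` is the working-directory lookup that breaks once xpdf's configure invokes the wrapper from its own build tree, and `lib_path_from_exe` resolves the archive next to the running binary instead, so no manual copy into the build tree is needed. The archive file name `libexerciseone.a`, the `link_args` shape, and the sample paths are assumptions for illustration; only `std` is used.

```rust
use std::env;
use std::io;
use std::path::{Path, PathBuf};

// Name of the per-exercise runtime archive the compiler wrapper links in.
// "libexerciseone" comes from the PR title; the ".a" file name and the
// directory layout used below are assumptions for this example.
const RUNTIME_LIB: &str = "libexerciseone.a";

/// Working-directory-relative lookup: the behaviour the PR replaces.
/// configure/make run the wrapper from the xpdf build tree, so the cwd is
/// not the directory that holds the wrapper and the archive is missed.
fn lib_path_from_cwd(cwd: &Path, lib_name: &str) -> PathBuf {
    cwd.join(lib_name)
}

/// Executable-relative lookup: join the library name onto the directory
/// that contains the running binary, independent of where it was invoked.
/// Returns `None` only for a degenerate path with no parent (e.g. "/").
fn lib_path_from_exe(exe: &Path, lib_name: &str) -> Option<PathBuf> {
    exe.parent().map(|dir| dir.join(lib_name))
}

/// Locate the runtime archive for the *current* process. `current_exe` may
/// return a symlink; canonicalize it so the archive is looked up next to the
/// real binary, and fall back to the raw path if canonicalization fails.
fn runtime_lib() -> io::Result<PathBuf> {
    let exe = env::current_exe()?;
    let exe = exe.canonicalize().unwrap_or(exe);
    lib_path_from_exe(&exe, RUNTIME_LIB).ok_or_else(|| {
        io::Error::new(
            io::ErrorKind::NotFound,
            "executable path has no parent directory",
        )
    })
}

/// Linker arguments a wrapper would append so the archive is found without
/// copying it into the build tree: `-L<dir>` plus the full archive path.
fn link_args(lib: &Path) -> Vec<String> {
    let mut args = Vec::new();
    if let Some(dir) = lib.parent() {
        args.push(format!("-L{}", dir.display()));
    }
    args.push(lib.display().to_string());
    args
}

fn main() -> io::Result<()> {
    let cwd = env::current_dir()?;
    let exe = env::current_exe()?;
    println!("cwd-relative: {}", lib_path_from_cwd(&cwd, RUNTIME_LIB).display());
    if let Some(p) = lib_path_from_exe(&exe, RUNTIME_LIB) {
        println!("exe-relative: {}", p.display());
    }
    let lib = runtime_lib()?;
    println!("link args: {:?} (exists: {})", link_args(&lib), lib.exists());
    Ok(())
}
```

Run it once from the directory that holds the binary and once from somewhere else: the cwd-relative path changes between the two runs while the exe-relative path does not, which is exactly the difference that bit the xpdf configure step.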
  • undefined reference to `MemStream::MemStream....`

    When I use libfuzzer in libafl to fuzz xpdf 4.04, there are some issues :( How can I solve it? The build command is:

    ./target/release/libafl_cxx ./fuzz_JBIG2.cc ./xpdf-4.04/build/*/*.a -I ./xpdf-4.04/xpdf/ -I xpdf-4.04/goo -I xpdf-4.04/fofi/ -I xpdf-4.04/splash/ -I xpdf-4.04/ -I xpdf-4.04/build/ -o fuzzer_pdfload -lm -ldl -lpthread -lstdc++ -lgcc -lutil -lrt
    

    The error output is:

    /usr/bin/ld: /usr/bin/ld: DWARF error: invalid or unhandled FORM value: 0x25
    /tmp/fuzz_JBIG2-84770a.o: in function `LLVMFuzzerTestOneInput':
    fuzz_JBIG2.cc:(.text.LLVMFuzzerTestOneInput[LLVMFuzzerTestOneInput]+0xa7): undefined reference to `MemStream::MemStream(char*, unsigned int, unsigned int, Object*)'
    /usr/bin/ld: fuzz_JBIG2.cc:(.text.LLVMFuzzerTestOneInput[LLVMFuzzerTestOneInput]+0xbe): undefined reference to `GlobalParams::GlobalParams(char const*)'
    /usr/bin/ld: fuzz_JBIG2.cc:(.text.LLVMFuzzerTestOneInput[LLVMFuzzerTestOneInput]+0xd1): undefined reference to `globalParams'
    /usr/bin/ld: fuzz_JBIG2.cc:(.text.LLVMFuzzerTestOneInput[LLVMFuzzerTestOneInput]+0xe1): undefined reference to `GlobalParams::setErrQuiet(int)'
    /usr/bin/ld: fuzz_JBIG2.cc:(.text.LLVMFuzzerTestOneInput[LLVMFuzzerTestOneInput]+0xf7): undefined reference to `GlobalParams::setupBaseFonts(char const*)'
    /usr/bin/ld: fuzz_JBIG2.cc:(.text.LLVMFuzzerTestOneInput[LLVMFuzzerTestOneInput]+0x10c): undefined reference to `GlobalParams::setEnableFreeType(char*)'
    /usr/bin/ld: fuzz_JBIG2.cc:(.text.LLVMFuzzerTestOneInput[LLVMFuzzerTestOneInput]+0x125): undefined reference to `GlobalParams::setErrQuiet(int)'
    /usr/bin/ld: fuzz_JBIG2.cc:(.text.LLVMFuzzerTestOneInput[LLVMFuzzerTestOneInput]+0x139): undefined reference to `PDFDoc::PDFDoc(BaseStream*, GString*, GString*, PDFCore*)'
    /usr/bin/ld: fuzz_JBIG2.cc:(.text.LLVMFuzzerTestOneInput[LLVMFuzzerTestOneInput]+0x18e): undefined reference to `XRef::fetch(int, int, Object*, int)'
    /usr/bin/ld: fuzz_JBIG2.cc:(.text.LLVMFuzzerTestOneInput[LLVMFuzzerTestOneInput]+0x20b): undefined reference to `globalParams'
    /usr/bin/ld: fuzz_JBIG2.cc:(.text.LLVMFuzzerTestOneInput[LLVMFuzzerTestOneInput]+0x223): undefined reference to `Object::free()'
    /usr/bin/ld: fuzz_JBIG2.cc:(.text.LLVMFuzzerTestOneInput[LLVMFuzzerTestOneInput]+0x239): undefined reference to `PDFDoc::~PDFDoc()'
    /usr/bin/ld: fuzz_JBIG2.cc:(.text.LLVMFuzzerTestOneInput[LLVMFuzzerTestOneInput]+0x259): undefined reference to `GlobalParams::~GlobalParams()'
    /usr/bin/ld: fuzz_JBIG2.cc:(.text.LLVMFuzzerTestOneInput[LLVMFuzzerTestOneInput]+0x3b2): undefined reference to `PDFDoc::~PDFDoc()'
    /usr/bin/ld: fuzz_JBIG2.cc:(.text.LLVMFuzzerTestOneInput[LLVMFuzzerTestOneInput]+0x3d7): undefined reference to `globalParams'
    clang: error: linker command failed with exit code 1 (use -v to see invocation)
    
    
    opened by mzs555557 1
Releases: part-5