jtpereyda / boofuzz

A fork and successor of the Sulley Fuzzing Framework


Error in Process Monitor and Fuzzing never starts

Akim10150 opened this issue · comments

Hi everyone!
When I try to run the boofuzz with the process monitor and vulnserver, I get errors in the process monitor and the fuzzing never starts.

Here is a screenshot of the process_monitor.py error:


Here is the Python Script I'm trying to use:

```python
#!/usr/bin/python

from boofuzz import *

target_ip = "192.168.59.129"
# Raw string: in a normal string literal "\v" in "desktop\vulnserver" is a
# vertical-tab escape, so the path handed to the procmon would be mangled.
options = {
    "proc_name": "vulnserver.exe",
    "stop_commands": ['wmic process where (name="vulnserver.exe") delete'],
    "start_commands": [r'C:\users\ieuser\desktop\vulnserver\vulnserver.exe'],
}
procmon = ProcessMonitor(target_ip, 26002)  # process_monitor.py RPC port
procmon.set_options(**options)
monitors = [procmon]
session = Session(
    target=Target(connection=SocketConnection(target_ip, 9999, proto='tcp'), monitors=monitors),
    sleep_time=1,
)

# Request layout: KSTET <fuzzed string>\r\n
s_initialize("user_command")
s_string("KSTET")
s_delim(" ", fuzzable=False)
s_string("AAAA")
s_static("\r\n")
session.connect(s_get("user_command"))
session.fuzz()
```

Any help with this would be greatly appreciated.

Thanks!

Thanks for the report @Akim10150!

I have just tested a very similar case on Linux, where it works fine.
The exception from your screenshot might be a bug in the procmon related to Windows. I'll take a look at that once I get a debugger on Windows running.

About the proc_name option for procmon: if I remember correctly, that is only needed if your start command spawns another process and then exits.
From the log it looks like vulnserver.exe never exits and is waiting for connections. In that case you should omit the proc_name option and see if that works.

Thank you for your response @SR4ven :)

Removing proc_name fixed the problem with not starting the fuzzing, but now the process monitor is saying every fuzzing attempt is a crash. I don't think the 8 byte input in one of the screenshots should be a crash.


boofuzz is awesome! I can't wait till I figure out how to use it properly.

This looks to me like a problem with the process monitor (see the "Bind failed" message). Did you figure it out eventually or is it still a problem?

The process monitor RPC is a bit janky and in need of a rewrite. To me, it seems like communication between boofuzz and the process monitor is lost, which is wrongly labelled as a test case failure.
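Two points from this thread lend themselves to a small helper: proc_name only belongs in the procmon options when the start command hands off to a child and exits, and a procmon RPC port that cannot be reached will surface as test case failures rather than as a monitor error. The following is an added example, not code from boofuzz or from anyone in the thread; the function names, the 26002/9999 ports and the vulnserver commands are taken from the posted script, the "spawns_child" flag is an assumed parameter for illustration.

```python
import socket
from contextlib import closing


def procmon_options(start_command, stop_command, spawns_child=False, proc_name=None):
    """Build the kwargs for ProcessMonitor.set_options().

    proc_name is only added when the start command spawns another process
    and exits; for a foreground server such as vulnserver.exe it is left out
    so the procmon tracks the process it launched itself.
    """
    if spawns_child and not proc_name:
        raise ValueError("proc_name is required when the start command spawns a child and exits")
    options = {"start_commands": [start_command], "stop_commands": [stop_command]}
    if spawns_child:
        options["proc_name"] = proc_name
    return options


def tcp_reachable(host, port, timeout=2.0):
    """True if a TCP connect to host:port succeeds within timeout, else False."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:
            return False


def preflight(host, procmon_port=26002, target_port=9999):
    """Check the procmon RPC port and the fuzz target before calling session.fuzz().

    Lost procmon communication is reported by boofuzz as a failed test case, so
    an unreachable RPC port found here should not be read as a target crash.
    """
    return {"procmon": tcp_reachable(host, procmon_port),
            "target": tcp_reachable(host, target_port)}


def _self_check():
    # Constructed local check: a listening socket, then the same port once closed.
    with closing(socket.socket()) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        while_open = tcp_reachable("127.0.0.1", port)
    after_close = tcp_reachable("127.0.0.1", port)
    return while_open and not after_close


if __name__ == "__main__":
    # Options matching the thread's foreground vulnserver case (no proc_name).
    print(procmon_options(r"C:\users\ieuser\desktop\vulnserver\vulnserver.exe",
                          'wmic process where (name="vulnserver.exe") delete'))
    print(preflight("192.168.59.129"))
```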