Error in Process Monitor and Fuzzing never starts
Akim10150 opened this issue · 4 comments
Hi everyone!
When I try to run boofuzz with the process monitor and vulnserver, I get errors in the process monitor and the fuzzing never starts.
Here is a screenshot of the process_monitor.py error:
Here is the Python Script I'm trying to use:
#!/usr/bin/python
from boofuzz import *

target_ip = "192.168.59.129"
# Raw string for the Windows path: in a normal literal "\v" in "\vulnserver" is a
# vertical-tab escape and "\u" is an invalid unicode escape in Python 3.
options = {
    "proc_name": "vulnserver.exe",
    "stop_commands": ['wmic process where (name="vulnserver.exe") delete'],
    "start_commands": [r'C:\users\ieuser\desktop\vulnserver\vulnserver.exe'],
}
procmon = ProcessMonitor(target_ip, 26002)
procmon.set_options(**options)
monitors = [procmon]
session = Session(
    target=Target(
        connection=SocketConnection(target_ip, 9999, proto='tcp'),
        monitors=monitors,
    ),
    sleep_time=1,
)

# One request: "KSTET <fuzzed string>\r\n"; the space and CRLF are not fuzzed.
s_initialize("user_command")
s_string("KSTET")
s_delim(" ", fuzzable=False)
s_string("AAAA")
s_static("\r\n")
session.connect(s_get("user_command"))
session.fuzz()
Any help with this would be greatly appreciated.
Thanks!
Thanks for the report @Akim10150!
I have just tested a very similar case on Linux, where it works fine.
That exception from your screenshot might be a bug in the procmon related to Windows. I'll take a look at that once I get a debugger on Windows running.
About the proc_name option for procmon: if I remember correctly, that is only needed if your start command spawns another process and then exits.
From the log it looks like vulnserver.exe never exits and is waiting for connections. In that case you should omit the proc_name option and see if that works.
Thank you for your response @SR4ven :)
Removing proc_name fixed the problem with not starting the fuzzing, but now the process monitor is saying every fuzzing attempt is a crash. I don't think the 8 byte input in one of the screenshots should be a crash.
boofuzz is awesome! I can't wait till I figure out how to use it properly.
This looks to me like a problem with the process monitor (see the "Bind failed" message). Did you figure it out eventually or is it still a problem?
The process monitor RPC is a bit janky and in need of a rewrite. To me, it seems like communication between boofuzz and the process monitor is lost, which is wrongly labeled as a test case failure.
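The last two replies point at the same failure mode: when process_monitor.py is not actually listening (the "Bind failed" message) or the RPC link to it drops, boofuzz reports every test case as a crash even though the target is fine. The following pre-flight check is an added example, not code from the thread or from the boofuzz project: before calling session.fuzz(), it performs a TCP handshake against both the procmon port and the target port from the posted script (26002 and 9999 are taken from that script; the host and the local stub listeners used for the demo are constructed here) and reports which endpoint is dead, so a monitor that is down is not mistaken for a crashing target.

```python
import socket
import threading
from typing import Dict, Tuple

# Ports from the script posted above: boofuzz's process monitor on 26002,
# vulnserver on 9999 (assumed defaults for this example).
PROCMON_PORT = 26002
TARGET_PORT = 9999


def port_reachable(host: str, port: int, timeout: float = 2.0) -> Tuple[bool, str]:
    """Attempt a TCP handshake and return (reachable, reason).

    Refused on the procmon port: process_monitor.py is not listening (for
    instance it died on 'Bind failed'). Refused on the target port: the target
    itself is down. Timeout: host unreachable or filtered.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "connected"
    except ConnectionRefusedError:
        return False, "connection refused (nothing listening)"
    except socket.timeout:
        return False, "timed out (host unreachable or filtered)"
    except OSError as exc:
        return False, "socket error: %s" % exc


def preflight(host: str, procmon_port: int = PROCMON_PORT,
              target_port: int = TARGET_PORT) -> Dict[str, Tuple[bool, str]]:
    """Check both endpoints; run this before session.fuzz().

    If 'procmon' is not reachable, the monitor cannot distinguish a crash from
    a lost RPC connection, so every case would be flagged as a failure.
    """
    return {
        "procmon": port_reachable(host, procmon_port),
        "target": port_reachable(host, target_port),
    }


def start_stub_listener() -> Tuple[socket.socket, int]:
    """Constructed stand-in for a live service on 127.0.0.1 (demo/test only)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed
            conn.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, port


def free_port() -> int:
    """Pick a loopback port with nothing listening, to simulate a dead procmon."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Constructed scenario: target answers, procmon port is dead.
    srv, live_port = start_stub_listener()
    result = preflight("127.0.0.1", procmon_port=free_port(), target_port=live_port)
    for name, (ok, why) in result.items():
        print("%-8s %s %s" % (name, "OK " if ok else "BAD", why))
    srv.close()
```

In a real run, replace 127.0.0.1 with the VM address from the script and keep the default ports; if preflight reports procmon as refused, fix process_monitor.py (the bind error) before starting the session, since no result boofuzz reports in that state says anything about vulnserver.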