leancloud

aflnw blackbox
afl blackbox
2021-05-21 15:34:39 +08:00 · 2021-05-20 19:37:57 +08:00 · 2021-05-20 19:34:04 +08:00
6 changed files with 103 additions and 64 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -970,8 +970,7 @@
        },
        "ansi-regex": {
          "version": "2.1.1",
-          "bundled": true,
+          "bundled": true
          "optional": true
        },
        "aproba": {
          "version": "1.2.0",
@ -989,13 +988,11 @@
        },
        "balanced-match": {
          "version": "1.0.0",
-          "bundled": true,
+          "bundled": true
          "optional": true
        },
        "brace-expansion": {
          "version": "1.1.11",
          "bundled": true,
          "optional": true,
          "requires": {
            "balanced-match": "^1.0.0",
            "concat-map": "0.0.1"
@ -1008,18 +1005,15 @@
        },
        "code-point-at": {
          "version": "1.1.0",
-          "bundled": true,
+          "bundled": true
          "optional": true
        },
        "concat-map": {
          "version": "0.0.1",
-          "bundled": true,
+          "bundled": true
          "optional": true
        },
        "console-control-strings": {
          "version": "1.1.0",
-          "bundled": true,
+          "bundled": true
          "optional": true
        },
        "core-util-is": {
          "version": "1.0.2",
@ -1122,8 +1116,7 @@
        },
        "inherits": {
          "version": "2.0.3",
-          "bundled": true,
+          "bundled": true
          "optional": true
        },
        "ini": {
          "version": "1.3.5",
@ -1133,7 +1126,6 @@
        "is-fullwidth-code-point": {
          "version": "1.0.0",
          "bundled": true,
          "optional": true,
          "requires": {
            "number-is-nan": "^1.0.0"
          }
@ -1146,20 +1138,17 @@
        "minimatch": {
          "version": "3.0.4",
          "bundled": true,
          "optional": true,
          "requires": {
            "brace-expansion": "^1.1.7"
          }
        },
        "minimist": {
          "version": "0.0.8",
-          "bundled": true,
+          "bundled": true
          "optional": true
        },
        "minipass": {
          "version": "2.3.5",
          "bundled": true,
          "optional": true,
          "requires": {
            "safe-buffer": "^5.1.2",
            "yallist": "^3.0.0"
@ -1176,7 +1165,6 @@
        "mkdirp": {
          "version": "0.5.1",
          "bundled": true,
          "optional": true,
          "requires": {
            "minimist": "0.0.8"
          }
@ -1249,8 +1237,7 @@
        },
        "number-is-nan": {
          "version": "1.0.1",
-          "bundled": true,
+          "bundled": true
          "optional": true
        },
        "object-assign": {
          "version": "4.1.1",
@ -1260,7 +1247,6 @@
        "once": {
          "version": "1.4.0",
          "bundled": true,
          "optional": true,
          "requires": {
            "wrappy": "1"
          }
@ -1336,8 +1322,7 @@
        },
        "safe-buffer": {
          "version": "5.1.2",
-          "bundled": true,
+          "bundled": true
          "optional": true
        },
        "safer-buffer": {
          "version": "2.1.2",
@ -1367,7 +1352,6 @@
        "string-width": {
          "version": "1.0.2",
          "bundled": true,
          "optional": true,
          "requires": {
            "code-point-at": "^1.0.0",
            "is-fullwidth-code-point": "^1.0.0",
@ -1385,7 +1369,6 @@
        "strip-ansi": {
          "version": "3.0.1",
          "bundled": true,
          "optional": true,
          "requires": {
            "ansi-regex": "^2.0.0"
          }
@ -1424,13 +1407,11 @@
        },
        "wrappy": {
          "version": "1.0.2",
-          "bundled": true,
+          "bundled": true
          "optional": true
        },
        "yallist": {
          "version": "3.0.3",
-          "bundled": true,
+          "bundled": true
          "optional": true
        }
      }
    },
@ -2461,14 +2442,12 @@
        "is-extglob": {
          "version": "2.1.1",
          "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
-          "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=",
+          "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI="
          "optional": true
        },
        "is-glob": {
          "version": "4.0.1",
          "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.1.tgz",
          "integrity": "sha512-5G0tKtBTFImOqDnLB2hG6Bp2qcKEFduo4tZu9MT/H6NQv/ghhy30o55ufafxJ/LdH79LLs2Kfrn85TLKyA7BUg==",
          "optional": true,
          "requires": {
            "is-extglob": "^2.1.1"
          }
@ -2482,8 +2461,7 @@
        "normalize-path": {
          "version": "3.0.0",
          "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
-          "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==",
+          "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA=="
          "optional": true
        },
        "nunjucks": {
          "version": "3.2.2",
@ -2979,9 +2957,9 @@
      }
    },
    "lodash": {
-      "version": "4.17.21",
+      "version": "4.17.11",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "resolved": "http://registry.npm.taobao.org/lodash/download/lodash-4.17.11.tgz",
-      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
+      "integrity": "sha1-s56mIp72B+zYniyN8SU2iRysm40="
    },
    "lodash.assignin": {
      "version": "4.2.0",
@ -3367,14 +3345,12 @@
        "array-unique": {
          "version": "0.3.2",
          "resolved": "http://registry.npm.taobao.org/array-unique/download/array-unique-0.3.2.tgz",
-          "integrity": "sha1-qJS3XUvE9s1nnvMkSp/Y9Gri1Cg=",
+          "integrity": "sha1-qJS3XUvE9s1nnvMkSp/Y9Gri1Cg="
          "optional": true
        },
        "braces": {
          "version": "2.3.2",
          "resolved": "http://registry.npm.taobao.org/braces/download/braces-2.3.2.tgz",
          "integrity": "sha1-WXn9PxTNUxVl5fot8av/8d+u5yk=",
          "optional": true,
          "requires": {
            "arr-flatten": "^1.1.0",
            "array-unique": "^0.3.2",
@ -3392,7 +3368,6 @@
              "version": "2.0.1",
              "resolved": "http://registry.npm.taobao.org/extend-shallow/download/extend-shallow-2.0.1.tgz",
              "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=",
              "optional": true,
              "requires": {
                "is-extendable": "^0.1.0"
              }
@ -3551,7 +3526,6 @@
          "version": "4.0.0",
          "resolved": "http://registry.npm.taobao.org/fill-range/download/fill-range-4.0.0.tgz",
          "integrity": "sha1-1USBHUKPmOsGpj3EAtJAPDKMOPc=",
          "optional": true,
          "requires": {
            "extend-shallow": "^2.0.1",
            "is-number": "^3.0.0",
@ -3563,7 +3537,6 @@
              "version": "2.0.1",
              "resolved": "http://registry.npm.taobao.org/extend-shallow/download/extend-shallow-2.0.1.tgz",
              "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=",
              "optional": true,
              "requires": {
                "is-extendable": "^0.1.0"
              }
@ -3623,8 +3596,7 @@
        "is-extglob": {
          "version": "2.1.1",
          "resolved": "http://registry.npm.taobao.org/is-extglob/download/is-extglob-2.1.1.tgz",
-          "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=",
+          "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI="
          "optional": true
        },
        "is-glob": {
          "version": "4.0.0",
@ -3639,7 +3611,6 @@
          "version": "3.0.0",
          "resolved": "http://registry.npm.taobao.org/is-number/download/is-number-3.0.0.tgz",
          "integrity": "sha1-JP1iAaR4LPUFYcgQJ2r8fRLXEZU=",
          "optional": true,
          "requires": {
            "kind-of": "^3.0.2"
          },
@ -3648,7 +3619,6 @@
              "version": "3.2.2",
              "resolved": "http://registry.npm.taobao.org/kind-of/download/kind-of-3.2.2.tgz",
              "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=",
              "optional": true,
              "requires": {
                "is-buffer": "^1.1.5"
              }
@ -3658,14 +3628,12 @@
        "isobject": {
          "version": "3.0.1",
          "resolved": "http://registry.npm.taobao.org/isobject/download/isobject-3.0.1.tgz",
-          "integrity": "sha1-TkMekrEalzFjaqH5yNHMvP2reN8=",
+          "integrity": "sha1-TkMekrEalzFjaqH5yNHMvP2reN8="
          "optional": true
        },
        "kind-of": {
          "version": "6.0.2",
          "resolved": "http://registry.npm.taobao.org/kind-of/download/kind-of-6.0.2.tgz",
-          "integrity": "sha1-ARRrNqYhjmTljzqNZt5df8b20FE=",
+          "integrity": "sha1-ARRrNqYhjmTljzqNZt5df8b20FE="
          "optional": true
        },
        "micromatch": {
          "version": "3.1.10",
@ -3890,8 +3858,7 @@
    "picomatch": {
      "version": "2.2.2",
      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.2.2.tgz",
-      "integrity": "sha512-q0M/9eZHzmr0AulXyPwNfZjtwZ/RBZlbN3K3CErVrk50T2ASYI7Bye0EvekFY3IP1Nt2DHu0re+V2ZHIpMkuWg==",
+      "integrity": "sha512-q0M/9eZHzmr0AulXyPwNfZjtwZ/RBZlbN3K3CErVrk50T2ASYI7Bye0EvekFY3IP1Nt2DHu0re+V2ZHIpMkuWg=="
      "optional": true
    },
    "posix-character-classes": {
      "version": "0.1.1",
--- a/source/_posts/DIR-802-OS-Command-Injection.md
+++ b/source/_posts/DIR-802-OS-Command-Injection.md
@ -13,6 +13,7 @@ description: 提交个漏洞
 > by Cool
 #### 漏洞已提交厂商
 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10206
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29379
 #### 漏洞类型
 CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
--- a/source/_posts/aflnw-blackbox.md
+++ b/source/_posts/aflnw-blackbox.md
@ -0,0 +1,71 @@
 ---
 title: 利用AFL黑盒测试网络协议
 date: 2021-05-20 19:26:35
 tags:
 - 模糊测试
 categories:
 - IOT
 description: 做对比实验用的小工具，在拿不到固件的情况下，可以用AFL的变异策略尝试fuzz
 ---
 源码：https://github.com/Cool-Y/aflnw_blackbox
 AFL是基于变异的模糊测试方法的代表工作，其主要应用于非结构化数据处理程序的漏洞挖掘中。但使用AFL具有比较多的限制：
 1. 本地运行被测程序，从而获取覆盖率等反馈信息
 2. 被测程序从基本输入输出获取数据
 因此无法直接使用AFL对远程服务进行黑盒测试
 ## 现有工作
 目前针对限制2已经有一些解决方案：
 1. hook socket调用：利用 `preeny`库辅助；AFLplusplus
    1. https://www.cnblogs.com/hac425/p/9416917.html
    2. https://github.com/AFLplusplus/AFLplusplus/tree/stable/utils/socket_fuzzing
 2. 修改AFL传递数据的方式：AFLNet: A Greybox Fuzzer for Network Protocols，aflnet在AFL的基础上，将标准输入修改为网络发包的方式
    1. https://github.com/aflnet/aflnet
    2. https://www.comp.nus.edu.sg/~abhik/pdf/AFLNet-ICST20.pdf
 3. 修改网络程序接收数据的方式：bind9的代码中专门提供了用于Fuzz的部分。
    1. https://github.com/isc-projects/bind9/tree/main/fuzz
 4. 利用AFL Persistent Mode
    1. https://www.fastly.com/blog/how-fuzz-server-american-fuzzy-lop
    2. https://sensepost.com/blog/2017/fuzzing-apache-httpd-server-with-american-fuzzy-lop-%2B-persistent-mode/
 5. 利用辅助程序转发AFL的输入
    1. https://github.com/LyleMi/aflnw/blob/main/README.zh-cn.md
 但是如果无法将程序放在本地运行，比如物联网设备在拿不到固件的情况下，如何利用AFL的变异方式进行模糊测试。
 ## 黑盒方案
 在aflnw的基础上，对辅助程序的工作方式进行了修改，从而实现在不对AFL和被测程序进行修改的条件下，使用一个辅助程序接收AFL从标准输入传递进来的数据，然后通过网络转发给UPnP服务，辅助程序会间隔性地与UPnP端口建立TCP连接，从而判断测试用例是否导致程序崩溃。
 ![](https://res.cloudinary.com/dozyfkbg3/image/upload/v1621510535/ufuzzer/image_33.png)
 ## 如何安装
 ```
 git clone https://github.com/LyleMi/aflnw.gitcd aflnw
 export CC=/path/to/afl/afl-clang-fast
 mkdir build && cd build && cmake .. && make
 ```
 ## 如何使用
 1. 使用wireshark采集种子输入（Follow→TCP Stream，保存为raw文件）
 ![](https://res.cloudinary.com/dozyfkbg3/image/upload/v1621510534/ufuzzer/image_35.png)
 2. 确定通信协议（udp/tcp）、服务端监控地址、服务端监控端口、socket本地绑定地址
 3. fuzz，以UPnP协议为例
 ```
 afl-fuzz -t 1000+ -i ./soap_input/ -o ./soap_out/ -- ./build/aflnw -a 192.168.2.2 -p 5000 -m tcp
 afl-fuzz -t 2000+ -i ./ssdp_input/ -o ./ssdp_out/ -- ./build/aflnw -a 239.255.255.250 -p 1900 -m udp
 ```
 ![](https://res.cloudinary.com/dozyfkbg3/image/upload/v1621510535/ufuzzer/image_34.png)
 4. 崩溃重放
 ```
 ./build/aflnw -a 239.255.255.250 -p 1900 -m udp < soap_out/crashes/id:00000....
 ./build/aflnw -a 192.168.2.2 -p 5000 -m tcp < ssdp_out/crashes/id:000000.....
 ```
 ## 问题
 效率很低
--- a/source/about/index.md
+++ b/source/about/index.md
@ -7,12 +7,12 @@ comments: false
 ------
 ## TL;DR
- 🔭 I’m currently focus on IoT security and Android security.
+- 🔭 Focus on IoT security and Android security.
- 🌱 I’m currently learning VM escape.
+- 🌱 Learning VM escape.
 - 📝 My blog: https://cool-y.github.io/
 - 🏫 Bachelor: Sichuan university; Master: Wuhan university
 - 📫 Hit me up: cool.yim@foxmail.com
- ⚡ Fun fact: ‘Fun Facts’ Are Never Fun
+- ⚡ Fun fact: 'Fun Facts' Are Never Fun
 - 💬 Ask me about ...
 ------
@ -23,7 +23,7 @@ comments: false
 ### **Android Data-Clone Attack via Operating System Customization**
 **IEEE Access**, Song, Wenna, Ming Jiang, Han Yan, Yi Xiang, Yuan Chen, Yuan Luo, Kun He, and Guojun Peng.
-### **App’s Auto-Login Function Security Testing via Android OS-Level Virtualization**
+### **App's Auto-Login Function Security Testing via Android OS-Level Virtualization**
 **ICSE'21**, Song, Wenna, Jiang Ming, Lin Jiang, Han Yan, Yi Xiang, Yuan Chen, Jianming Fu, and Guojun Peng.
 -------
@ -36,4 +36,4 @@ comments: false
 - PSV-2019-0164
 - CVE-2019-15843
 - PSV-2020-0211(extended)
- CVE-2020-15893(extended)
+- CVE-2021-29379
--- a/themes/next/_config.yml
+++ b/themes/next/_config.yml
@ -145,7 +145,7 @@ social:
  #YouTube: https://youtube.com/yourname || youtube
  Instagram: https://www.instagram.com/yan__han/ || instagram
  #Skype: skype:yourname?call|chat || skype
-  RSS: /atom.xml || fas fa-rss
+  # RSS: /atom.xml || fas fa-rss
 social_icons:
  enable: true
@ -549,8 +549,8 @@ rating:
 # You can visit https://leancloud.cn get AppID and AppKey.
 leancloud_visitors:
  enable: true
-  app_id: EWwoJgHNdlj6iBjiFlMcabUO-gzGzoHsz
+  app_id: CnxMogaLcXQrm9Q03lF8XH7j-gzGzoHsz
-  app_key: x8FxDrYG79C8YFrTww9ljo8K
+  app_key: EHqNuJ6AYvuHnY6bN6w2SMXl
 # Another tool to show number of visitors to each article.
 # visit https://console.firebase.google.com/u/0/ to get apiKey and projectId
--- a/themes/next/source/css/_variables/base.styl
+++ b/themes/next/source/css/_variables/base.styl
@ -62,8 +62,8 @@ get_font_family(config) {
 }
 // Font families.
-$font-family-chinese      = "PingFang SC", "Microsoft YaHei"
+//$font-family-chinese      = "PingFang SC", "Microsoft YaHei"
-
+$font-family-chinese = "Noto Serif SC";
 $font-family-base         = $font-family-chinese, sans-serif
 $font-family-base         = get_font_family('global'), $font-family-chinese, sans-serif if get_font_family('global')
Author	SHA1	Message	Date
Cool-Y	cb473d6f98	leancloud	2021-05-21 15:34:39 +08:00
Cool-Y	31dc77a58e	aflnw blackbox	2021-05-20 19:37:57 +08:00
Cool-Y	da5e73ebce	afl blackbox	2021-05-20 19:34:04 +08:00