[fuzzing] Sulley Fuzzing Framework vmcontrol.py problem.
foobar.foobar at yahoo.com
Wed Mar 17 14:22:46 UTC 2010
I am wanting some help regarding the sulley fuzzing framework. If you are familiar with it you will know there are these main parts: vmcontrol.py, network_monitor.py and process_monitor.py, along with your actual fuzzing script that you will have written for whatever application you are fuzzing. Your script and vmcontrol.py run on the host machine, and network_monitor and process_monitor run on the guest (vmware) machine.
I have a problem with vmcontrol.py. At the point where it restarts vmware and loads your snapshot that you have specified it waits for the virtual machine to come up and then tries to check if the image is running so fuzzing can continue. This seems to be accomplished by the "list", "is_target_running" and "restart_target" functions in vmcontrol.py.
I get to the point where it prints to the screen "listing running images", which from the code looks like it is using the vmrun.exe -list command to do this. I presume (I am a python newbie so I am having a bit of difficulty interpreting the code) that it is supposed to notice that the image is running (by using readlines() ?) and return control back to my fuzzing script to continue iterating through the test cases. However it just loops forever with "listing running images" in the command window.
I have read the sulley documentation and followed the "Complete Walkthrough" section where they provide the fuzz_trend_server_protect_5168.py script along with the related request .py files. I installed server protect on a win2k server in a VM and ran through the tutorial. I get the same problem. So I tried the walkthrough in the "grey hat hacking" book fuzzing the NIPRINT server and again got to the same problem. I have the same issue on VMWare Workstation 6, 6.5 and 7, so it must be something I am missing that is not mentioned in the documentation that you have to configure.
When I am doing my own fuzzing with sulley, I bypass all the vmware control functionality, but obviously this is silly and is annoying if the VM crashes. If anyone has had this problem before and knows the answer straight off then great. If you want more information I will be happy to provide it.
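The check the post describes (run `vmrun list`, look for the snapshot's .vmx path in the output, and only hand control back to the fuzzing script once it appears) is the kind of loop that will spin forever if the path never matches or the VM never comes up. The following is an added example, not code from Sulley or from the poster: it parses the output format `vmrun list` prints (a "Total running VMs: N" header followed by one .vmx path per line), normalises both sides of the path comparison so slash style and case on Windows do not cause a silent mismatch, and bounds the wait with a timeout so a VM that never boots raises an error instead of hanging the fuzzer. The `vmrun` path and the sample output are constructed for illustration; `list_fn`, `clock` and `sleep` are injectable only so the loop can be exercised offline.

```python
import os
import subprocess
import time

# Constructed sample of what `vmrun list` prints: a header line, then one .vmx
# path per running VM. This stands in for a real vmrun call in the offline demo.
SAMPLE_VMRUN_LIST_OUTPUT = """Total running VMs: 2
C:\\VMs\\win2k-serverprotect\\win2k.vmx
C:\\VMs\\other\\other.vmx
"""


def _normalise(path):
    # vmrun may report a path with a different case or slash style than the one
    # written in the fuzzer config; compare a canonical form on both sides.
    return os.path.normcase(os.path.normpath(path.strip()))


def parse_vmrun_list(output):
    """Return the set of normalised .vmx paths reported by `vmrun list`."""
    paths = set()
    for line in output.splitlines():
        line = line.strip()
        # Skip blank lines and the "Total running VMs: N" header.
        if not line or line.lower().startswith("total running vms"):
            continue
        paths.add(_normalise(line))
    return paths


def is_target_running(vmx_path, list_output):
    """True if the configured .vmx appears in the captured `vmrun list` output."""
    return _normalise(vmx_path) in parse_vmrun_list(list_output)


def vmrun_list(vmrun_path):
    """Real call to vmrun (hypothetical path), returning its stdout as text.

    Not used by the offline demo; wire it in with functools.partial as list_fn.
    """
    result = subprocess.run([vmrun_path, "list"], capture_output=True,
                            text=True, check=False)
    return result.stdout


def wait_for_target(vmx_path, list_fn, timeout=120.0, poll_interval=2.0,
                    clock=time.monotonic, sleep=time.sleep):
    """Poll `vmrun list` until the target VM shows up, or give up after `timeout`.

    Returns the number of list attempts it took; raises TimeoutError if the VM
    never appears, so the caller can restart or abort instead of spinning forever.
    """
    start = clock()
    attempts = 0
    while True:
        attempts += 1
        if is_target_running(vmx_path, list_fn()):
            return attempts
        if clock() - start >= timeout:
            raise TimeoutError(
                "target %s not listed by vmrun after %.0fs (%d attempts)"
                % (vmx_path, timeout, attempts))
        sleep(poll_interval)


if __name__ == "__main__":
    target = "C:\\VMs\\win2k-serverprotect\\win2k.vmx"
    print("running:", is_target_running(target, SAMPLE_VMRUN_LIST_OUTPUT))
    # Simulate a VM that appears on the third poll.
    calls = []

    def fake_list():
        calls.append(1)
        return "Total running VMs: 0\n" if len(calls) < 3 else SAMPLE_VMRUN_LIST_OUTPUT

    print("attempts:", wait_for_target(target, fake_list, poll_interval=0,
                                       sleep=lambda s: None))
```

A practical check when the loop never terminates: print what `list_fn()` actually returned alongside the normalised config path on each iteration, since an empty capture (vmrun not on PATH, wrong working directory) and a path that differs only by case or separator both look identical to "VM not up yet" in a loop without that visibility.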