American Fuzzy Lop

From charlesreid1

Link to more information: https://necurity.co.uk/netsec/2015/03/30/Fun-With-AFL.html#sthash.h9Aurb7C.dpbs

American fuzzy lop is a program for Fuzzing. It is very sophisticated and can be instrumented with a binary to do very targeted fuzzing.

Installing

Get the latest version, and run make to make it: 

$ wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz 
$ tar -xvf afl-latest.tgz cd afl-latest.tgz
$ cd afl-*
$ make 
$ make install

Success! 

root@morpheus:~/codes/afl-2.10b# which afl-fuzz
/usr/local/bin/afl-fuzz

Fuzzing a Program

Programs that can be fuzzed are those that take input files, usually binary files or unusual formats. (Think mp3, multimedia, images, etc.) 

wget http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.1.6.tar.gz 
tar -xvf libressl-2.1.6.tar.gz cd libressl-2.1.6/ 
CC=~/afl/afl-1.57b/afl-gcc ./configure 
make check 
mkdir /root/testing 
export DESTDIR=/root/testing/ 
make install

AmericanFuzzyLoop1.png

AmericanFuzzyLoop2.png

Links

Nice overview and tutorial to causing and exploring program crashes: http://necurity.co.uk/netsec/2015-03-26-Fun-With-AFL/#sthash.h9Aurb7C.dpbs

Flags


Defcon.png
Fuzzing
a brute force technique to test programs' abilities to deal with malformed inputs.


Fuzzing  · Category:Fuzzing

American Fuzzy Lop


Category:Fuzzing  · Category:Kali  · Category:Security

Flags  · Template:FuzzingFlag  · e





Defcon.png
Kali Linux
"The quieter you become, the more you are able to hear."

Penetration testing Linux distribution.


Kali  · Category:Kali

Kali/Wireless Reboot


Kali Software:

Kali Tools

Kali Top 10

Aircrack  · Wireshark  · John the Ripper  · Nmap  · Metasploit Framework

Dsniff  · Tcpdump  · Hydra  · Sqlmap  · Burpsuite  · OWASP Zap

Dirbuster  · Recon-ng  · Valgrind


Attack Workflow:

Kali/Workflow

1 Physical Attacks: Kali/Layer 1 Attacks

2 Data/MAC Attacks: Kali/Layer 2 Attacks

3 Network Attacks: Kali/Layer 3 Attacks

4 Transport Attacks: Kali/Layer 4 Attacks

5 Session Attacks: Kali/Layer 5 Attacks

6 Presentation Attacks: Kali/Layer 6 Attacks

7 Application Attacks: Kali/Layer 7 Attacks


Red Team Blue Team

Metasploitable - Red Team

Metasploitable - Blue Team


Networking:

Kali/Hotspot  · Kali/OpenVPN  · Kali/OpenVPN/Hotspot  · Kali/OpenVPN/PIA

Kali/IPv6


Booting:

Kali/Dual Boot OS X  · Kali/Live USB  · Kali/Persistent USB


Installing:

Kali/Installing  · Kali/Post Install  · Kali/Fixes


Kali on Raspberry Pi:

Kali Raspberry Pi  · Kali Raspberry Pi/Installing  · Kali Raspberry Pi/Headless  · Kali Raspberry Pi/Post-Install


Category:Security  · Category:Wireless  · Category:Passwords  · Category:Man in the Middle  · Category:Evil Twin

Flags  · Template:KaliFlag  · e




Retrieved from "https://charlesreid1.com/w/index.php?title=American_Fuzzy_Lop&oldid=16524"