Practical fuzzing on open-source projects
| Field | Value |
|---|---|
| Main Author | |
| Other Authors | |
| Format | Final Year Project |
| Language | English |
| Published | Nanyang Technological University, 2022 |
| Subjects | |
| Online Access | https://hdl.handle.net/10356/162837 |
| Institution | Nanyang Technological University |

Summary: Hackers exploiting vulnerabilities found in software of every kind, with unfavourable outcomes, is a major concern in software security. This highlights the importance of patching such vulnerabilities before hackers can exploit them, which is a race against time; zero-day exploits are one such class of vulnerability. In this study, we fuzz a popular command-line text editor, Vim, on Ubuntu systems using American Fuzzy Lop Plus Plus (AFL++). The goal of the project is to find crashes that may reveal a previously unknown vulnerability in the target program. The seed corpus consists of multiple text files containing various special characters and languages. These seeds were obtained from the internet as well as from previously discovered proof-of-concept (PoC) crashes reported by other users; by changing the options used, the same PoC explores a different path through the code. This paper provides a detailed explanation and setup, and highlights the steps of the 9-11 month long fuzzing campaign. The reproducible crashes were analyzed and submitted to huntr.dev to notify the developers of the vulnerabilities.