Date: Sat, 07 Mar 2015 19:41:00 +0300
From: Alexander Cherepanov <ch3root@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Any advice on how to fuzz john jumbo by AFL

On 2015-03-07 18:48, Frank Dittrich wrote:
> On 03/07/2015 03:59 PM, Kai Zhao wrote:
>> Would you please show me the Alexander's fuzzing scripts? Thank you.
>
> Openwall's archive stripped the attachments, and gmane doesn't have that
> mail at all.

Found in one of your bug reports:-) :

http://article.gmane.org/gmane.comp.security.openwall.john.devel/8105

> But here is a version which includes the scripts.
>
> https://marc.info/?l=john-dev&m=136719502025109
>
>
> What Alexander's scripts do is:

The scripts are very simple but they were quite effective at pointing out
many basic problems (like missing valid()s). After such problems are
fixed, a more advanced fuzzer (like afl) is going to uncover many other
issues.

> First, grep the source code for all samples of hashes, and redirect into
> a file.
>
> Instead of grepping the source I used

Thanks for describing it. Perhaps I missed it earlier.

> ./john --list=format-tests ... | cut -f 3 > ...

And implemented --list=format-tests... Thanks for this!

-- 
Alexander Cherepanov
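
Added example, not part of the original message and not Alexander's scripts: one way to turn the `./john --list=format-tests | cut -f 3` step quoted above into a de-duplicated seed directory for a fuzzer such as afl. The function names, the file naming, the sample lines and the assumption that field 1 is the format label are made up for this example; only field 3 being the sample hash comes from the thread.

```shell
#!/bin/sh
# make_seed_corpus DIR
# Reads tab-separated `john --list=format-tests` output on stdin and writes
# each distinct sample hash (field 3, as in the `cut -f 3` above) to its own
# file under DIR. Prints the number of seed files written.
# Assumption: field 1 is the format label; it is only used in file names.
make_seed_corpus() {
    dir=$1
    mkdir -p "$dir" || return 1
    awk -F '\t' -v dir="$dir" '
        # Skip short lines, empty hash fields and hashes already seen:
        # duplicate seeds only slow a fuzzer down.
        NF >= 3 && $3 != "" && !seen[$3]++ {
            label = $1
            gsub(/[^A-Za-z0-9_.-]/, "_", label)   # keep file names safe
            file = sprintf("%s/%s-%04d", dir, label, ++n)
            print $3 > file                        # one hash per seed file
            close(file)                            # avoid running out of fds
        }
        END { print n + 0 }
    '
}

# Constructed sample input (not real john output): label, index, hash, plaintext.
sample_format_tests() {
    printf 'demo-fmt\t0\t$demo$0123abcd\tpassword\n'
    printf 'demo-fmt\t1\t$demo$4567ef01\tsecret\n'
    printf 'demo-fmt\t2\t$demo$0123abcd\tpassword\n'   # duplicate hash
    printf 'other/fmt\t0\t\tempty\n'                    # empty hash field
    printf 'other/fmt\t1\tdeadbeef:salt\tletmein\n'
}

# Demo on the constructed sample; with a real build, pipe
# `./john --list=format-tests` into make_seed_corpus instead.
tmp=$(mktemp -d) && sample_format_tests | make_seed_corpus "$tmp/in"
rm -rf "$tmp"
```
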
