|
2 | 2 |
|
3 | 3 | ## Introduction |
4 | 4 |
|
5 | | -In this lab, you will write a llvm pass in `llvm-pass/afl-demo-pass.so.cc` and `llvm-pass/afl-demo-rt.o.c`, and enable AFL++ to detect command injection vulnerabilities. |
| 5 | +In this lab, you will write a LLVM pass in `llvm-pass/afl-demo-pass.so.cc` and `llvm-pass/afl-demo-rt.o.c`, and enable AFL++ to detect command injection vulnerabilities. |
6 | 6 |
|
7 | | -## Environment (Important!!!) |
| 7 | +## Environment (Important.) |
8 | 8 |
|
9 | 9 | 1. x86_64 machine |
10 | | -2. ubuntu 22.04 / 24.04 |
| 10 | +2. Ubuntu 24.04 |
11 | 11 | 3. llvm-14 |
12 | 12 |
|
13 | 13 | ## Requirement |
14 | 14 |
|
15 | | -**(100%)** In this lab, you will write a llvm pass in `llvm-pass/afl-demo-pass.so.cc` & `llvm-pass/afl-demo-rt.o.c` and satisfy following requirements. |
16 | | -1. When running afl++ to fuzz `program`, `program` can't crash by `system("echo AAA");` at line 34 in `program.c`. It's not command injection and you will see below error message when you try to fuzz: |
| 15 | +**(100%)** In this lab, you will write a LLVM pass in `llvm-pass/afl-demo-pass.so.cc` & `llvm-pass/afl-demo-rt.o.c` and satisfy the following requirements. |
| 16 | +1. When running afl++ to fuzz `program`, `program` can't crash by `system("echo AAA");` at line 34 in `program.c`. It's not command injection, and you will see the error message below when you try to fuzz: |
17 | 17 | ``` |
18 | 18 | [-] PROGRAM ABORT : We need at least one valid input seed that does not crash! |
19 | 19 | ``` |
20 | | - Of course, you can not just detect this line to avoid it. We will change this command and add more system functions (which won't cause command injection) in `program.c` when testing your fuzzer. |
21 | | -2. When running afl++ to fuzz `program`, fuzzer need to find the command injection `system(cmd);` at line 18 in `program.c`. |
| 20 | + Of course, you can not just detect this line to avoid it. We will modify this command and add additional system functions (which won't cause command injection) in `program.c` during testing with your fuzzer. |
| 21 | +2. When running afl++ to fuzz `program`, the fuzzer needs to find the command injection `system(cmd)` at line 18 in `program.c`. |
22 | 22 | 3. Write a report in `report.md` to explain your work |
23 | | -4. Fill Name and ID, and copy crash fuzzer report and crash input (use `xxd`) in `report.md`. |
| 23 | +4. Fill Name and ID, and copy the crash fuzzer report and crash input (use `xxd`) in `report.md`. |
24 | 24 | e.g. |
25 | 25 | Crash Fuzzer Report: |
26 | 26 | ``` |
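Review bot: the new wording on lines 5 and 15 should read "an LLVM pass", not "a LLVM pass" (LLVM is pronounced with a leading vowel sound), and the heading "## Environment (Important.)" on line 7 puts a full stop inside the parentheses; "## Environment (Important)" is cleaner. Line 20 still carries "you can not" where "you cannot" is meant. Separately, line 10 silently drops Ubuntu 22.04 from the supported environments while line 11 keeps llvm-14: since the lab's pass is built against that toolchain, the commit should say whether 22.04 is no longer tested or no longer works, so students on the older image know which it is.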
@@ -58,5 +58,6 @@ In this lab, you will write a llvm pass in `llvm-pass/afl-demo-pass.so.cc` and ` |
58 | 58 |
|
59 | 59 | ## Submission |
60 | 60 |
|
61 | | -1. Write a report in `report.md` to explain your work |
62 | | -2. You need to commit and push the corresponding changes to your repository, which contains the code that satisfies the aforementioned requirements. |
| 61 | +1. Write a report in `report.md` to explain your work. |
| 62 | +2. You must submit these two files `llvm-pass/afl-demo-pass.so.cc` and `llvm-pass/afl-demo-rt.o.c`. |
| 63 | +3. You need to commit and push the corresponding changes to your repository, which contains the code that satisfies the aforementioned requirements. |
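Review bot: the new item 2 ("You must submit these two files ...") overlaps with item 3 ("commit and push the corresponding changes"), and "submit" is ambiguous about whether the two files are handed in separately or simply need to be present in the pushed repository. Consider folding them into one step, e.g. "2. Commit and push `llvm-pass/afl-demo-pass.so.cc` and `llvm-pass/afl-demo-rt.o.c` (and `report.md`) to your repository; the pushed code must satisfy the requirements above." Item 1 here also repeats requirement 3 from the Requirement section almost verbatim; a cross-reference would avoid the two lists drifting apart.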