Question
I need to know how to start the following assignment project.
Choose a Target
You are free to analyse any open-source project in C/C++ (so that AFL can instrument the source code). Any target project should contain at least lines of code and optionally include a test suite. You may find many different projects listed on GitHub, SourceForge, GNU, or other public repositories of open-source software. For example, just to name a few common software: openssl, boringssl, c-ares, json, lcms, libarchive, openthread, pcre, re, sqlite, vorbis, woff, and hundreds more. You can choose some older outdated software where it may be easier to find bugs, or some newer up-to-date software where finding bugs may be harder but also more interesting. Moreover, the more well-known the software is, the fewer vulnerabilities it will likely have (you aren't the only one looking for bugs).
To keep it simple, choose some software that can take a single file as input on the command line. Please ask if you have questions about the suitability of particular software. Keep in mind that there is always a possibility that AFL cannot find any bug in some software or some versions of the software. After all, the fuzzing process is probabilistic and the software may be largely bug-free. Therefore, you may need to scan multiple software with AFL until you find bugs. But you only need to report the software of your best attempt.
Investigate Vulnerabilities
You should investigate the crashes reported by AFL and find out if they may be vulnerable. For each vulnerability, you should provide the following details in your report:
- What is the cause of the vulnerability (i.e., what is the fundamental bug in the code that causes it)? You should be very specific (e.g., if it's a buffer overflow, explain what the specific error with the use of buffer is, and how the given input file triggers this error).
- Where does the vulnerability take place (i.e., where in the code of the target is it located)? Please specify the source file and line number, as well as any other functions that are relevant to creating the conditions of the bug.
- How exploitable is this vulnerability? Does it just crash the program, or can the attacker take advantage of it to do more things (inject shellcode, corrupt metadata used by memory management, etc.)? What would an attacker need to do in order to exploit?
- How would you fix this vulnerability (i.e., how would you modify the specific code of the program to prevent this vulnerability)?
- Include at least one input file that reproduces the vulnerability. If the input is text-based, you can include it in the appendix of the report; otherwise, submit it along with the report (your report should provide the instruction of using the input to reproduce the vulnerability).
Please note that some vulnerabilities are more interesting and/or easier to document than others. In case that AFL reports lots of vulnerabilities, feel free to investigate several before picking the specific ones you want to document. If the vulnerabilities you find are already documented elsewhere, you must give references to previous reports (and/or their CVE numbers if available). You must provide full evidence of how you detect the known vulnerabilities with your own analysis (see the marking criteria below).
Document the Process
You will document the details of your experience with fuzzing in a report. You must explain your approach and report your findings in a self-contained and understandable way. For us to understand the report better, you may include screenshots or other means (e.g., graphs or diagrams) as evidence of successful fuzzing, which must be clearly visible and easy to read. If gdb is used to analyse the vulnerabilities, you may use screenshots to explain how you use gdb to find out the memory or code information. Screenshots can be either placed in the main text of the report or in the appendix (in which case they should be clearly marked and referenced in the main text).
Remember the goal of your report is to clearly show what you have done. At the beginning of your report, you must provide a completion statement for everything you have delivered in the report. If you used any help from any source (e.g., books, papers, online articles, etc.) in the assignment, you must provide full references to them, and in addition, you must clearly identify your own contributions to the assignment. It is plagiarism to use other people's work as your own! In the last part of your report, you should reflect on the challenges you faced during this process, as well as your approaches to overcome them. You should observe the strengths and weaknesses.
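A starting point for the "Investigate Vulnerabilities" step, as an added example that is not part of the assignment text: it re-runs every input AFL saved under its crashes directory, groups the reproducible ones by the signal that killed the target, and lists the smallest reproducer of each group first. It assumes AFL's `id:...,sig:NN,...` crash file naming and a target that takes the input file as its last argument; `triage_crashes`, `FAKE_TARGET` and `demo` are names made up here, and the crash files in `demo` are constructed.

```python
import re, signal, subprocess, sys, tempfile
from pathlib import Path

# AFL saves each crash as e.g. "id:000003,sig:11,src:000000,op:havoc,rep:4".
SIG_RE = re.compile(r"sig:\d+")

def triage_crashes(target_cmd, crash_dir, timeout=5):
    """Re-run every saved crash; return {outcome: [paths, smallest first]}."""
    groups = {}
    for path in sorted(Path(crash_dir).iterdir()):
        if not path.is_file() or not SIG_RE.search(path.name):
            continue  # skips README.txt and anything AFL did not name
        try:
            # Assumption: the target takes the input file as its last argument.
            rc = subprocess.run([*target_cmd, str(path)], timeout=timeout,
                                stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL,
                                stderr=subprocess.DEVNULL).returncode
        except subprocess.TimeoutExpired:
            outcome = "TIMEOUT"
        else:
            # On POSIX a negative return code means "killed by signal -rc".
            outcome = signal.Signals(-rc).name if rc < 0 else "NOT_REPRODUCED"
        groups.setdefault(outcome, []).append(path)
    for paths in groups.values():
        paths.sort(key=lambda p: p.stat().st_size)  # smallest reproducer first
    return groups

# Constructed stand-in for an instrumented target: it dies with a signal
# chosen by the input, so the demo runs without AFL or a real project.
FAKE_TARGET = [sys.executable, "-c",
    "import os, signal, sys\nd = open(sys.argv[1], 'rb').read()\n"
    "if b'BOOM' in d: os.kill(os.getpid(), signal.SIGSEGV)\n"
    "if b'ABRT' in d: os.abort()\n"]

def demo():
    """Triage a constructed crashes/ directory; return {outcome: [names]}."""
    samples = {"id:000000,sig:11,src:000000,op:havoc,rep:2": b"A" * 64 + b"BOOM",
               "id:000001,sig:11,src:000000,op:flip1,pos:0": b"BOOM",
               "id:000002,sig:06,src:000001,op:havoc,rep:4": b"ABRT",
               "id:000003,sig:11,src:000001,op:havoc,rep:8": b"benign",
               "README.txt": b"not a crash input"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            (Path(tmp) / name).write_bytes(data)
        found = triage_crashes(FAKE_TARGET, tmp)
        return {k: [p.name for p in v] for k, v in found.items()}

if __name__ == "__main__":
    print(demo())
```

On a real run, pass the argv of your own build of the target as `target_cmd` and AFL's crashes directory as `crash_dir`; inputs that land in `NOT_REPRODUCED` need a second look before they go into the report.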