Monday, September 26, 2011

CERT Basic Fuzzing Framework in QEmu

Here is a follow-up post on how to use QEmu to run the BFF from CERT. Since file sharing between host and guest OSes is not always supported, I suggest another method: in this case I simply copy the files into the VM.

I assume you already downloaded the files from CERT, so I will not repeat that.

1. Convert to qemu format
    qemu-img convert DebianFuzz.vmdk -O qcow2 DebianFuzz-copy.qemu
2. Copy to whichever system will run it
    scp DebianFuzz-copy.qemu myvmhost:
3. Log in to that host and start the VM with network support and VNC
    sudo qemu-system-x86_64 -m 512 ~/DebianFuzz-copy.qemu -vnc :1 -net nic -net tap
4. Connect using Remmina to myvmhost:5901
5. In the VM, connect to the network using DHCP
    dhclient eth1
6. Change your apt configuration if needed
7. Install OpenSSH
    su -c "apt-get install ssh"
8. Copy the data from your own box
    scp -r mydesktop:~/fuzz-shared ~/fuzzing
9. Configure a symlink
    sudo ln -s /mnt/hgfs/fuzz /home/fuzz/fuzzing
10. Restart the VM
    sudo shutdown -r now
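As an added example (not from the original post or from CERT), here is a small POSIX shell wrapper for steps 1, 3 and 4 that checks its inputs and binds the VNC console to loopback, reached through an SSH port forward, instead of the unauthenticated all-interfaces listener that `-vnc :1` opens. The file names, the host name `myvmhost` and the `BFF_LAUNCH` variable are assumptions.

```shell
#!/bin/sh
# Added helper, not part of the original post: wraps the convert/launch
# steps with basic checks and keeps the VNC console on 127.0.0.1.
# Assumed inputs: disk image paths, VNC display number, guest memory.

# VNC display :N listens on TCP port 5900+N.
vnc_port() {
    echo $((5900 + $1))
}

# Step 1: convert the VMware disk to qcow2 (skipped if the copy exists).
convert_disk() {
    src=$1; dst=$2
    [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
    [ -f "$dst" ] && return 0
    qemu-img convert "$src" -O qcow2 "$dst"
}

# Step 3: build the launch command. '-vnc :1' listens on every interface
# with no authentication; '127.0.0.1:N' keeps the console local to the host.
qemu_cmd() {
    img=$1; display=$2; mem=${3:-512}
    echo "qemu-system-x86_64 -m $mem $img -vnc 127.0.0.1:$display -net nic -net tap"
}

# Step 4 equivalent: forward the VNC port over SSH, then point Remmina
# (or any VNC client) at localhost:<port> instead of the VM host.
tunnel_cmd() {
    host=$1; display=$2
    port=$(vnc_port "$display")
    echo "ssh -N -L $port:127.0.0.1:$port $host"
}

# Only act when explicitly asked, so sourcing the file just defines helpers.
if [ "${BFF_LAUNCH:-0}" = "1" ]; then
    convert_disk DebianFuzz.vmdk DebianFuzz-copy.qemu || exit 1
    echo "Run on the VM host: $(qemu_cmd ~/DebianFuzz-copy.qemu 1)"
    echo "Run on your desktop: $(tunnel_cmd myvmhost 1)"
fi
```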

While this officially runs 'fine', I personally have not been too happy with it. Things are slow, and the results we get are only in a log file. So that means hours of fuzzing and I don't even get a sample to test with!
