EkoParty - Advanced Fuzzing Workshop

Next editions

2nd edition -> https://github.com/antonio-morales/Hackfest_Advanced_Fuzzing_Workshop

Slides

Start here -> Workshop Slides

Requirements

All you need for the workshop is:

Virtual machine

You can also find an .OVF virtual machine with everything already set up for the workshop here

After booting the VM, open a terminal and go to Desktop -> WORKSHOP -> Fuzz 0 -> unrtf

Then, type:

afl-fuzz -i ./tests -o afl-output  -- ./bin/unrtf --verbose -P ./lib/unrtf/ @@

If everything is OK, you'll see a lot of AFL crashes :)
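Once afl-fuzz has written crash files, a replay pass shows which of them reproduce and which signal killed the target. The script below is an added example, not part of the workshop material; its function names are hypothetical, and it assumes the usual output layout (`afl-output/crashes/` for AFL, `afl-output/default/crashes/` for AFL++).

```shell
#!/bin/sh
# Added example (not from the workshop repo): replay AFL crash files and
# bucket them by how the target died.
# Assumption: crash files are OUT/crashes/id* (AFL) or OUT/default/crashes/id* (AFL++).
# Usage with the command above:
#   bucket_counts afl-output ./bin/unrtf --verbose -P ./lib/unrtf/ @@

# replay_one FILE CMD [ARGS...]: run CMD with every "@@" argument replaced
# by FILE (the afl-fuzz convention); returns the target's exit status.
replay_one() (
    file=$1; shift
    n=$#
    for arg in "$@"; do
        if [ "$arg" = "@@" ]; then arg=$file; fi
        set -- "$@" "$arg"      # append the rewritten argument
    done
    shift "$n"                  # drop the original, unrewritten arguments
    "$@" >/dev/null 2>&1
)

# triage_crashes OUT CMD [ARGS...]: print "<bucket><TAB><file>" per crash file.
# Bucket is SIG<NAME> when the target was killed by a signal (status > 128),
# otherwise exit=<N>, which flags crash files that do not reproduce.
triage_crashes() {
    out=$1; shift
    for f in "$out"/crashes/id* "$out"/default/crashes/id*; do
        [ -f "$f" ] || continue             # skips unmatched globs
        rc=0
        replay_one "$f" "$@" || rc=$?
        if [ "$rc" -gt 128 ]; then
            bucket="SIG$(kill -l "$((rc - 128))" 2>/dev/null || echo '?')"
        else
            bucket="exit=$rc"
        fi
        printf '%s\t%s\n' "$bucket" "$f"
    done
}

# bucket_counts OUT CMD [ARGS...]: number of crash files per bucket.
bucket_counts() {
    triage_crashes "$@" | cut -f1 | sort | uniq -c
}
```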

Rules

Awards

The winner of each challenge will receive a coupon to spend in the GitHub Shop. Second place will also be awarded.

YOU CAN SEND THE CRASHES TO MY TWITTER ACCOUNT @nosoynadiemas

Fuzz Challenge 1 - ESIF (Extremely Stupid Image Format) [40 minutes]

Build:

gcc EkoParty1.c -o EkoParty1 -w -lcrypto -lssl

Run:

./EkoParty1 example.ESIF output.ppm

Fuzz Challenge 2 - Crazy HTTP server [50 minutes]

Build:

gcc EkoParty2.c -o EkoParty2 -w -lz

Run (must be run as root):

./EkoParty2

Fuzz Challenge 3 - Check your grammar

A modified (and vulnerable) UnRTF version

Build:

./configure
make
make install

Run:

./unrtf [path]

You can find some examples in the "tests" folder.