    Joshua Pereyda
    @jtpereyda
    ah then @nurajbihari you'll want to install from source
    nurajbihari
    @nurajbihari
    Looking at it thanks
    I'm actually still having issues with setting up a udp connection.
    The documentation says that I can't have a bind and also server enabled for udp connection / server side fuzzing
    how am I to fuzz from the server side while also having a udp connection
    udp socket opened*
    nurajbihari
    @nurajbihari
    # Author: Uday Mittal
    # Company: Yaksas CSC
    # Contact: csc@yaksas.in | twitter.com/yaksas443
    import socket
    from boofuzz import *

    LISTEN_IP = "0.0.0.0"          # address the fake game server listens on
    CLIENT_IP = "192.168.119.137"  # client whose response parsing is fuzzed
    PORT = 27015


    def define_requests():
        # Requests are defined once, up front: boofuzz raises an error if
        # s_initialize() is called twice with the same name, so they cannot
        # be built inside the receive loop. Values are bytes literals so that
        # "\xFF" goes on the wire as a single 0xFF byte instead of UTF-8 encoded.
        s_initialize("info")
        s_static(b"\xFF\xFF\xFF\xFF")                  # Pre (4 bytes)
        s_static(b"\x49")                              # Header (1 byte)
        s_static(b"\x02")                              # Protocol version (1 byte)
        s_string("Avins-Server")                       # Server name (string)
        s_static(b"de_dust2\x00")                      # Map name (string)
        s_static(b"csgo\x00")                          # Name of the folder containing the game files (string)
        s_static(b"Counter-Strike: Global Offensive")  # Game name (string)
        s_static(b"\xda\x02")                          # Game ID (short)
        s_static(b"\xFF")                              # Amount of players in the server (byte)
        s_static(b"\xFF")                              # Max players allowed (byte)
        s_static(b"\x00")                              # Bots in game (byte)
        s_static(b"d")                                 # Server type, d = dedicated (byte)
        s_static(b"l")                                 # Hosted on windows, linux or mac, l is linux (byte)
        s_static(b"\x00")                              # Password needed? (byte)
        s_static(b"\x01")                              # VAC enabled? (byte)
        s_static(b"1.3.6.7.1\x00")                     # Version (string)

        s_initialize("player")
        s_static(b"\xFF\xFF\xFF\xFF")                  # Pre (4 bytes)
        s_static(b"\x44")                              # Header (1 byte)
        s_static(b"\x01")
        s_static(b"\x01")
        s_static(b"ASH")
        s_static(b"")
        s_static(b"")


    def fuzz_client(request_name):
        # Each run is its own session against the client, which is the program
        # that parses our responses and therefore the thing being fuzzed here.
        session = Session(
            target=Target(
                connection=UDPSocketConnection(CLIENT_IP, PORT)))
        session.connect(s_get(request_name))
        session.fuzz()


    def main():
        define_requests()

        # Plain UDP socket playing the game server; it only receives client
        # queries, the fuzzed responses are sent by the boofuzz session.
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((LISTEN_IP, PORT))

        while True:
            # recvfrom() (not recv()) also returns the sender address
            (data, addr) = s.recvfrom(128 * 1024)
            requestType = checkRequestType(data)
            if requestType == "INFO":
                fuzz_client("info")
            elif requestType == "PLAYER":
                fuzz_client("player")
            else:
                s.sendto(b"nope", addr)


    def checkRequestType(data):
        # Header byte (after the 4-byte 0xFFFFFFFF prefix) contains the type of
        # request; slicing keeps it as bytes under Python 3 and yields an empty
        # value for short datagrams instead of raising IndexError
        header = data[4:5]
        if header == b"\x54":
            print("[*] Received A2S_INFO request")
            return "INFO"
        elif header == b"\x55":
            print("[*] Received A2S_PLAYER request")
            return "PLAYER"
        else:
            print("Unknown request")
            return "UNKNOWN"


    if __name__ == "__main__":
        main()
    That's what I got so far
    nurajbihari
    @nurajbihari
    Also, my max payload is 65507. How would I tell boofuzz that it can only send up to that size so it doesn't crash?
    Joshua Pereyda
    @jtpereyda
    Oh right, bind and server don't make sense together
    wait, hmm
    Joshua Pereyda
    @jtpereyda

    The documentation says that I can't have a bind and also server enabled for udp connection / server side fuzzing

    can you quote this bit? can't find it on the page

    and, you have something sending packets to it right?
    but looking at the code, that seems to be right -- this could probably be fixed
    but yeah in the meantime you provide host, port, and server arguments
    from the implementation
            if self.server:
                self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
                self._sock.bind((self.host, self.port))
    host, port, and server should do it -- as you can see it will bind anyway. Has anybody run a UDP fuzzer-as-server before?
    nurajbihari
    @nurajbihari

    and, you have something sending packets to it right?

    Yes, there's a client constantly sending requests

    The documentation says that I can't have a bind and also server enabled for udp connection / server side fuzzing

    can you quote this bit? can't find it on the page

        if self.bind and self.server:
            raise Exception("You cannot set both bind and server at the same time.")
    nurajbihari
    @nurajbihari
    Do you guys have any idea why I would get this error?
    TypeError: recv() missing 1 required positional argument: 'max_bytes'
    import logging
    import socket
    import textwrap
    from boofuzz import *

    def udp_server():
        host = "0.0.0.0"
        port = 27015
        session = Session(
            target=Target(
                connection=UDPSocketConnection(host, port, server=True, bind=False)))

        maxData = 128*1024
        # This is the line raising the TypeError: recv() is an instance method,
        # so calling it on the class makes maxData fill the 'self' slot and
        # leaves 'max_bytes' without a value
        (data, addr) = UDPSocketConnection.recv(maxData)
    sorry, I have been pulling my hair out on this one and I really just wanna make it work lol
    Katharina Bogad
    @mistressofjellyfish
    well... what are you trying to do?
    you can't call the recv method on the class directly, you need an instance first, and even this wouldn't make much sense
    better grab the target from the session and use its recv method
    Joshua Pereyda
    @jtpereyda
    https://github.blog/2020-09-17-github-cli-1-0-is-now-available/ would be cool to automate the release procedures
    would be nice to release on every merge and drop the manual build up of features followed by a release
    Maximilian Lindner
    @SR4ven
    Sounds good @jtpereyda. I'll take a look at this when I find some time
    How would we handle the version numbering? We could have something like 0.2.1.dev1 which would be PEP 440 conformant
    Maximilian Lindner
    @SR4ven
    But then, how would we trigger a stable release like 0.2.1. And how do we tell the CI if it's a major, minor or patch level release
    Maximilian Lindner
    @SR4ven
    Also, do we really want each commit to appear as a release on GitHub? What if we just agree on a fixed release cycle? Say we release at least once a month so the pypi version is always somewhat up to date
    Erik Smit
    @erik-smit
    Could be done based on tag?
    Tagging a commit with 0.2.1 makes it release as 0.2.1
    Erik Smit
    @erik-smit

    https://github.blog/2020-09-17-github-cli-1-0-is-now-available/ would be cool to automate the release procedures

    What parts do you wanna automate?

    Joshua Pereyda
    @jtpereyda
    Would be easy to always increment the minor version number: 0.2.1, 0.2.2, etc. Guess I wouldn't mind a schedule either

    @erik-smit The manual steps for a release right now are:

    1. Increment version number (two files I believe)
    2. Update CHANGELOG
    3. Add tag

    The link makes it seem easyish to automate adding a tag. I'm sure it was possible before though. Just got me thinking. The other two steps might not be as trivial yet.

    @SR4ven I don't know that more releases hurt. Once a month might be enough to keep people from encountering known/fixed bugs too often
    Erik Smit
    @erik-smit
    Do you need github cli to add a tag?
    Erik Smit
    @erik-smit
    I'm not sure what part of github cli you'd need to automate the releasing, but I'd like to help automating. :)
    Joshua Pereyda
    @jtpereyda
    There's the github cli, but it might actually be possible with the systems we've already been using
    @SR4ven basically runs the release infrastructure at this point XD
    release / CI
    Maximilian Lindner
    @SR4ven
    I'm quite sure we could automate the whole workflow with just github actions. github cli might simplify some things.
    On the other hand, I'm sure if automating everything is the best solution and worth the effort.
    IMHO releasing after each commit doesn't exactly help. Confusingly many version numbers, cluttered changelog. Also, we'd have to create a workflow incrementing the version number with every release. If we'd release with every commit, that'd be one overhead commit for each content commit. Works, but isn't pretty.
    Next, we usually cleanup/sort/reword the changelog before creating a release. That's hard to automate, but possible if we make sure that the changelog is already properly worded and formatted in the PR.
    But that might increase the time PRs are hanging open as tiny errors in the changelog would "block" the merge.
    That's why I'd prefer a scheduled release. Monthly appeared reasonable to me as we usually don't have too many changes within that period.
    Maximilian Lindner
    @SR4ven
    If we really wanted to we could try to automate a scheduled release. But then we'd have to implement some way to decide whether there were enough changes that are worth releasing. What if there were no changes at all? We still have to increment the version number and update the changelog.
    To me this sounds like too much work to be effective as the manual release schedule isn't too complicated.
    However, if anyone wants to look into it, I'm happy to provide input or review. I might look into it myself but currently we should focus on finally merging #422. If I remember correctly, reworking some or all unit tests was on the schedule too.
    Maximilian Lindner
    @SR4ven
    I should be able to manually push a release once a month if we agree on that. Say the first weekend of a month or something like that.
    Joshua Pereyda
    @jtpereyda
    @SR4ven Those are some good points; releasing once a month does sound like a better plan