diff --git a/bin/ansvif_1.5-3_amd64/DEBIAN/control b/bin/ansvif_1.5-3_amd64/DEBIAN/control
deleted file mode 100644
index 499fd7a..0000000
--- a/bin/ansvif_1.5-3_amd64/DEBIAN/control
+++ /dev/null
@@ -1,12 +0,0 @@
-Package: ansvif
-Version: 1.5-3
-Section: base
-Priority: optional
-Architecture: amd64
-Depends: zlib1g
-Recommends: gcc, g++, gdb
-Suggests: valgrind
-Maintainer: Marshall Whittaker
-Description: fuzzes other programs for bugs
- A Not So Very Intelligent Fuzzer
- ansvif is a tool designed to help researchers find code vulnerabilities and bugs.
diff --git a/bin/ansvif_1.5-3_amd64/usr/share/man/man1/ansvif.1.gz b/bin/ansvif_1.5-3_amd64/usr/share/man/man1/ansvif.1.gz
deleted file mode 100644
index 99f8e0a..0000000
Binary files a/bin/ansvif_1.5-3_amd64/usr/share/man/man1/ansvif.1.gz and /dev/null differ
diff --git a/bin/ansvif_1.5-3_amd64/usr/share/man/man1/find_suid.1.gz b/bin/ansvif_1.5-3_amd64/usr/share/man/man1/find_suid.1.gz
deleted file mode 100644
index 17dc0d1..0000000
Binary files a/bin/ansvif_1.5-3_amd64/usr/share/man/man1/find_suid.1.gz and /dev/null differ
diff --git a/bin/ansvif_1.5-3_i386/DEBIAN/control b/bin/ansvif_1.5-3_i386/DEBIAN/control
deleted file mode 100644
index 0a457b9..0000000
--- a/bin/ansvif_1.5-3_i386/DEBIAN/control
+++ /dev/null
@@ -1,12 +0,0 @@
-Package: ansvif
-Version: 1.5-3
-Section: base
-Priority: optional
-Architecture: i386
-Depends: zlib1g
-Recommends: gcc, g++, gdb
-Suggests: valgrind
-Maintainer: Marshall Whittaker
-Description: fuzzes other programs for bugs
- A Not So Very Intelligent Fuzzer
- ansvif is a tool designed to help researchers find code vulnerabilities and bugs.
diff --git a/bin/ansvif_1.5-3_i386/usr/share/man/man1/ansvif.1.gz b/bin/ansvif_1.5-3_i386/usr/share/man/man1/ansvif.1.gz
deleted file mode 100644
index 99f8e0a..0000000
Binary files a/bin/ansvif_1.5-3_i386/usr/share/man/man1/ansvif.1.gz and /dev/null differ
diff --git a/bin/ansvif_1.5-3_i386/usr/share/man/man1/find_suid.1.gz b/bin/ansvif_1.5-3_i386/usr/share/man/man1/find_suid.1.gz deleted file mode 100644 index 17dc0d1..0000000 Binary files a/bin/ansvif_1.5-3_i386/usr/share/man/man1/find_suid.1.gz and /dev/null differ diff --git a/configure b/configure index 293285f..728e629 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for ansvif 1.5.3. +# Generated by GNU Autoconf 2.69 for ansvif 1.6. # # Report bugs to . # @@ -580,8 +580,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='ansvif' PACKAGE_TARNAME='ansvif' -PACKAGE_VERSION='1.5.3' -PACKAGE_STRING='ansvif 1.5.3' +PACKAGE_VERSION='1.6' +PACKAGE_STRING='ansvif 1.6' PACKAGE_BUGREPORT='marshallwhittaker@gmail.com' PACKAGE_URL='' @@ -1287,7 +1287,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ansvif 1.5.3 to adapt to many kinds of systems. +\`configure' configures ansvif 1.6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1354,7 +1354,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ansvif 1.5.3:";; + short | recursive ) echo "Configuration of ansvif 1.6:";; esac cat <<\_ACEOF @@ -1447,7 +1447,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ansvif configure 1.5.3 +ansvif configure 1.6 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. 
@@ -1795,7 +1795,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ansvif $as_me 1.5.3, which was +It was created by ansvif $as_me 1.6, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4753,7 +4753,7 @@ fi # Define the identity of the package. PACKAGE='ansvif' - VERSION='1.5.3' + VERSION='1.6' cat >>confdefs.h <<_ACEOF @@ -5672,7 +5672,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ansvif $as_me 1.5.3, which was +This file was extended by ansvif $as_me 1.6, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -5729,7 +5729,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ansvif config.status 1.5.3 +ansvif config.status 1.6 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 15500b9..b611ffc 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -AC_INIT([ansvif], [1.5.3], [marshallwhittaker@gmail.com]) +AC_INIT([ansvif], [1.6], [marshallwhittaker@gmail.com]) AC_PROG_CC AC_PROG_CXX AC_LANG([C++]) diff --git a/src/linux/main.cpp b/src/linux/main.cpp index 1e91cfa..e26349b 100644 --- a/src/linux/main.cpp +++ b/src/linux/main.cpp @@ -120,7 +120,7 @@ int main(int argc, char *argv[]) { // initialize our main debug = false, is_other = false, dump_opts = false, never_rand = false, valgrind = false, single_try = false, percent_sign = false; /* what version of ansvif are we running? */ - std::string ver = "1.5.3"; + std::string ver = "1.6"; /* first off we're going to start the signal handler incase they * do ctrl+c or something */ 
diff --git a/src/match_seg.cpp b/src/match_seg.cpp index 1168237..013dd47 100644 --- a/src/match_seg.cpp +++ b/src/match_seg.cpp @@ -361,35 +361,9 @@ bool match_seg(int buf_size, std::vector opts, std::thread reaper_thread(reaper, pid, t_timeout); /* takes care of the reaper thread */ reaper_thread.detach(); - #endif -// #endif -/* #ifdef _WIN32 -// int pid; - FILE *fp = popen2_win(out_str); - char command_out[4096] = {0}; - std::stringstream output; - while (read(fileno(fp), command_out, sizeof(command_out) - 1) != 0) { - output << std::string(command_out); - /* make sure we don't overflow */ -/* - memset(&command_out, 0, sizeof(command_out)); - } - /* close out the command cleanly */ -// pclose2_win(fp); - - /* this here takes care of the command that is run after - * the fuzz - */ - // int run_com_pid; -/* - if (run_command != "") { - FILE *fp = popen2_win(run_command); - pclose2_win(fp); - } - #endif + #endif /* our output will be stored here! */ std::string cmd_output; - if (write_file_n != "") { #ifdef __linux std::ostringstream pid_as_s; @@ -478,7 +452,7 @@ bool match_seg(int buf_size, std::vector opts, } if (write_to_file == true) { /* logging hangs */ - #ifdef __linux + #ifdef __linux std::ostringstream pid_as_s; pid_as_s << pid; #endif diff --git a/src/win/bin2hex.cpp b/src/win/bin2hex.cpp index d5ccdca..853e470 100644 --- a/src/win/bin2hex.cpp +++ b/src/win/bin2hex.cpp 
@@ -15,22 +15,28 @@ #include std::string binstr_to_hex(std::string bin_str) { - std::stringstream hex_out; // initialize the hex to go out - std::string hexxy; // initalize our string to put it in + /* initialize the hex to go out */ + std::stringstream hex_out; + /* initialize our string to put it in with a filler of + * zero and upercase hexadecimal with a width of 2 + */ + std::string hexxy; hex_out << std::setw(2) << std::setfill('0') << std::hex - << std::uppercase; // set the filler to 0, uppercase hexadecimal and - // width 2. + << std::uppercase; std::copy(bin_str.begin(), bin_str.end(), std::ostream_iterator( - hex_out, "\\x")); // for each of them, go put the \\x infront - // for the output to go to printf - if (hex_out.str() != "") { // if we don't have anything in the buffer - hexxy = hex_out.str() + "20"; // put a space + hex_out, "\\x")); + if (hex_out.str() != "") { + /* if we don't have anything in the buffer throw + * a space in + */ + hexxy = hex_out.str() + "20"; } hexxy = "\\x" + hexxy; if (hexxy == "\\x20\\x20") { return ""; } else { - return (hexxy); // return to sys_string in hex to be put into printf + /* return to be fed into printf */ + return (hexxy); } } diff --git a/src/win/bin2hex_pc.cpp b/src/win/bin2hex_pc.cpp index 1f550b6..1ec2b78 100644 --- a/src/win/bin2hex_pc.cpp +++ b/src/win/bin2hex_pc.cpp 
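Review bot: The new comment on `hexxy` promises "a width of 2", but `std::setw(2)` applies only to the next formatted insertion, so inside the `std::copy` every byte after the first is emitted unpadded and a value below 0x10 becomes a one-digit escape such as `\xA`; either document that limitation or emit each byte with the width re-applied, `for (unsigned char c : bin_str) hex_out << std::setw(2) << static_cast<int>(c) << "\\x";`, which also sidesteps sign extension. The comment added inside `if (hex_out.str() != "")` is inverted — that branch runs when the buffer is non-empty — and should read `/* if we got any bytes, append a trailing space (0x20) */`. The element type of the `std::ostream_iterator` is not visible in this hunk; if it is a signed integer type, bytes at or above 0x80 print sign-extended (e.g. `FFFFFFFF`), which a quick call with `"\xff"` would settle.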
@@ -15,22 +15,29 @@ #include std::string binstr_to_hex_pc(std::string bin_str) { - std::stringstream hex_out; // initialize the hex to go out - std::string hexxy; // initalize our string to put it in + /* initialize the hex to go out */ + std::stringstream hex_out; + /* initialize our string to put it in with a filler of + * zero and upercase hexadecimal with a width of 2 + */ + std::string hexxy; hex_out << std::setw(2) << std::setfill('0') << std::hex - << std::uppercase; // set the filler to 0, uppercase hexadecimal and - // width 2. + << std::uppercase; + /* for each of them put a % in front for the output to printf + * if we don't have anything in the buffer then we'll just put + * a space + */ std::copy(bin_str.begin(), bin_str.end(), std::ostream_iterator( - hex_out, "%")); // for each of them, go put the % infront - // for the output to go to printf - if (hex_out.str() != "") { // if we don't have anything in the buffer - hexxy = hex_out.str() + "20"; // put a space + hex_out, "%")); + if (hex_out.str() != "") { + hexxy = hex_out.str() + "20"; } hexxy = "%" + hexxy; if (hexxy == "%20%20") { return ""; } else { - return (hexxy); // return to sys_string in hex to be put into printf + /* return the hex */ + return (hexxy); } } diff --git a/src/win/find_suid.cpp b/src/win/find_suid.cpp deleted file mode 100644 index d350e98..0000000 --- a/src/win/find_suid.cpp +++ /dev/null 
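Review bot: The rewritten comment block says the output is produced "with a width of 2", yet the width set by `std::setw(2)` is consumed by the first insertion of the `std::copy` and every later byte is written without padding, so the `%`-form for a byte below 0x10 is one hex digit short; the comment should either state this or the loop should re-issue the width per byte, `for (unsigned char c : bin_str) hex_out << std::setw(2) << static_cast<int>(c) << "%";`. The new comment above `std::copy` also claims a space is appended "if we don't have anything in the buffer", but the `if (hex_out.str() != "")` below appends `20` only when the buffer is non-empty, so the wording should be flipped to `/* append a trailing %20 (space) when at least one byte was encoded */`. As in bin2hex.cpp, the iterator's element type is stripped from this view, so sign extension of bytes ≥ 0x80 cannot be ruled out from the hunk alone.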
@@ -1,70 +0,0 @@
-/*
- * ansvif
- * A Not So Very Intelligent Fuzzer
- * Marshall Whittaker / oxagast
- */
-
-// __ _ _ __ ___ __ ____ ____
-// / ( \/ )/ _\ / __)/ _\/ ___(_ _)
-// ( O ) (/ ( (_ / \___ \ )(
-// \__(_/\_\_/\_/\___\_/\_(____/(__)
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-bool is_suid(const char *file) {
- struct stat results; // build the holder
- stat(file, &results); // find our file and stat it
- if (results.st_mode & S_ISUID)
- return true; // if it's suid return true
- return false; // else false
-}
-
-void help_me(char *me) {
- std::cout << "Usage:" << std::endl
- << " " << me << " /bin/ /usr/sbin/ /usr/bin/ /usr/bin/libexec/"
- << std::endl; // some useage details
- exit(1); // error out because we didn't have proper input
-}
-
-int main(int argc, char **argv) {
- if (argc < 2)
- help_me(argv[0]); // if there is less than one argument, then go to the
- // help page
- std::string file_str; // initialize the string for the file
- std::vector file_list; // initialize the file list vector
- for (int path_num = 1; path_num != argc;
- path_num++) { // for each file in the list...
- const char *path = argv[path_num]; // do for the current path
- DIR *the_dir; // the dir to use
- struct dirent *this_dir; // we're using dirent.h for 'this_dir'
- the_dir = opendir(path); // open the path to check the files
- if (the_dir != NULL) // if it's not nothing...
- while ((this_dir = readdir(the_dir))) // and while we're reading...
- file_list.push_back(std::string( - this_dir->d_name)); // put it in the file list if it's suid 0 - std::string name; // initialize the name - int file_list_size = - file_list.size(); // so that we don't get a warning with -Wall about - // unsigned variables being compared to integars - for (int file_num = 0; file_num != file_list_size; - file_num++) { // we'll loop through them - name = file_list[file_num]; // put the file name into the 'name' variable - // for the time being - std::string path_to_file = - std::string(path) + - file_list[file_num]; // put it all together (the path and filename) - if (is_suid(path_to_file.c_str()) == true) - std::cout << path_to_file - << std::endl; // if it's suid 0 then we'll print it to STDOUT - } - file_list.clear(); // clear out the file list vector - } - exit(0); // success -} diff --git a/src/win/help.cpp b/src/win/help.cpp index 66ecd22..6e1bead 100644 --- a/src/win/help.cpp +++ b/src/win/help.cpp @@ -4,12 +4,18 @@ * Marshall Whittaker / oxagast */ +// __ _ _ __ ___ __ ____ ____ +// / ( \/ )/ _\ / __)/ _\/ ___(_ _) +// ( O ) (/ ( (_ / \___ \ )( +// \__(_/\_\_/\_/\___\_/\_(____/(__) + #include #include #include #include void help_me(std::string mr_me, std::string ver) { + /* print all the help shit to STDOUT */ std::cout << "ansvif v" << ver << " -- A Not So Very Intelligent Fuzzer" << std::endl @@ -79,7 +85,9 @@ void help_me(std::string mr_me, std::string ver) { << " -P Use % to represent binary in fuzz." << std::endl << " -v Verbose." << std::endl << " -d Debug." - << std::endl; // write all this help file shit out to STDOUT - exit(1); // exit with error 1 because we didn't really do anything but print - // help... + << std::endl; + /* exit with an error because we didn't do anything but + * print a help page + */ + exit(1); } diff --git a/src/win/main.cpp b/src/win/main.cpp index 8a4e000..3afcc21 100644 --- a/src/win/main.cpp +++ b/src/win/main.cpp 
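Review bot: The comment added at the top of `help_me`, `/* print all the help shit to STDOUT */`, carries profanity into a shipped source file and tells the reader nothing the `std::cout` chain does not already show; I'd replace it with `/* print the usage text, tagged with this build's version, to stdout */`. The ASCII-art banner is harmless but is now pasted into several files by this commit, so a single shared header comment would be easier to keep in sync. `help_me`'s body continues beyond this hunk.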
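Review bot: The rewritten comment above `exit(1)` documents help output as an error, which is right when `help_me` is reached through bad usage, but if the same function serves an explicit help option (option parsing is not visible here) then `ansvif -h` fails inside `&&` chains and scripts; consider having the caller pass the intended status, `exit(requested ? 0 : 1)`, or at least state in the comment that help deliberately returns 1. The enclosing function starts before this hunk.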
@@ -42,6 +42,7 @@ std::vector get_other(std::string filename, bool verbose, void write_seg(std::string filename, std::string seg_line); int main(int argc, char *argv[]) { // initialize our main + /* initial random seed for all our randomization mess */ srand(time(NULL)); int opt; // initialize opt for how many options int num_threads = 2; // how many threads are we using? diff --git a/src/win/man_read.cpp b/src/win/man_read.cpp index 53d5f5a..8fc4e20 100644 --- a/src/win/man_read.cpp +++ b/src/win/man_read.cpp @@ -21,6 +21,7 @@ bool file_exists(const std::string &filen); std::vector get_flags_man(std::string man_page, std::string man_loc, bool verbose, bool debug, bool dump_opts) { + /* just error out :( */ std::cout << "Not implemented in Windows, sorry..." << std::endl; exit(1); } diff --git a/src/win/popen2.cpp b/src/win/popen2.cpp index 44dd7bd..8218437 100644 --- a/src/win/popen2.cpp +++ b/src/win/popen2.cpp @@ -9,30 +9,7 @@ // ( O ) (/ ( (_ / \___ \ )( // \__(_/\_\_/\_/\___\_/\_(____/(__) -#include -#include -#include -#include -#include -/* -FILE* popen2_win(std::string command) { - command = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Powershell.exe " + command; - FILE *cmd_p; - cmd_p = popen(command.c_str(), "r"); - if (!cmd_p) - { - exit(1); - } - return cmd_p; - } - - int pclose2_win(FILE *fp) { - pclose(fp); - return(0); - } - */ - - #include +#include #include #include #include 
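Review bot: `srand(time(NULL))` seeds with wall-clock seconds, so two runs started in the same second replay the same sequence and, worse, a crash found by one run cannot be reproduced later because the seed is never recorded; print it at startup, `std::cerr << "seed: " << seed << '\n';` after computing `seed` once, and, if the option parsing further down `main` allows, accept a seed on the command line. The new comment could say exactly that: `/* seed the PRNG; log (or accept) the seed so a crashing run can be replayed */`. Using `std::time(nullptr)` rather than `time(NULL)` would match the C++ style of the rest of the file. `main` continues far beyond this hunk.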
@@ -43,28 +20,17 @@ FILE* popen2_win(std::string command) { FILE *popen2(std::string command, std::string type, int &pid, std::string low_lvl_user) { - - command = "cmd /c C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Powershell.exe -v 5 -c " + command; - char psBuffer[128]; - FILE *pPipe; - - /* Run DIR so that it writes its output to a pipe. Open this - * pipe with read text attribute so that we can read it - * like a text file. - */ - - if( (pPipe = _popen( command.c_str(), "rt" )) == NULL ) - return ( pPipe ); -std::cout << command << std::endl; - /* Read pipe until end of file, or an error occurs. */ -/* - while(fgets(psBuffer, 128, pPipe)) - { - printf(psBuffer); - } -*/ - -return (pPipe); + command = "cmd /c C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Powershell.exe -v 5 -c " + command; + /* char ps_buffer[128]; */ + FILE *process_pipe; + /* Run DIR so that it writes its output to a pipe. Open this + * pipe with read text attribute so that we can read it + * like a text file. + */ + if( (process_pipe = _popen( command.c_str(), "rt" )) == NULL ) + return ( process_pipe ); + /* std::cout << command << std::endl; */ + return (process_pipe); } /* we have to close it all our so we don't fuck @@ -72,15 +38,7 @@ return (pPipe); */ int pclose2(FILE *fp, pid_t pid) { - /* while ((pid, &stat, 0)) { - if (errno != EINTR) { - stat = -1; - break; - } - } /* return our status and end pclose2 */ - - /* Close pipe and print return value of pPipe. */ if (feof( fp)) { _pclose( fp ); diff --git a/src/win/sys_string.cpp b/src/win/sys_string.cpp index 362e389..998338e 100644 --- a/src/win/sys_string.cpp +++ b/src/win/sys_string.cpp @@ -4,6 +4,11 @@ * Marshall Whittaker / oxagast */ +// __ _ _ __ ___ __ ____ ____ +// / ( \/ )/ _\ / __)/ _\/ ___(_ _) +// ( O ) (/ ( (_ / \___ \ )( +// \__(_/\_\_/\_/\___\_/\_(____/(__) + #include #include #include 
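Review bot: The reference parameter `pid` is never assigned in this Windows `popen2`, so a caller that reads it afterwards gets whatever the variable held before — the Linux build hands `pid` to a reaper thread in the match_seg.cpp hunk of this same commit, though whether the Windows path does is not visible — and `low_lvl_user` is silently ignored, so the target runs as the invoking user. `_popen(command.c_str(), "rt")` opens the pipe in text mode, where CRLF is translated and a 0x1A byte is taken as end-of-file, which truncates the captured output of a target that emits binary; `"rb"` avoids both. The surviving comment `/* Run DIR so that it writes its output to a pipe ... */` comes from the `_popen` documentation sample and does not describe this code; replace it with `/* run the fuzz command under PowerShell and return the read end of its stdout; pid and low_lvl_user are not used on Windows */`. The only failure signal is the NULL return, so callers must check it.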
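Review bot: In `pclose2` the pipe is closed only when `feof(fp)` is already true, so a caller that stops reading before EOF — for instance after deciding the target hung — leaks the `FILE*` and leaves the `cmd`/PowerShell child running, and the child's exit status from `_pclose` is discarded; what the function returns after this `if` lies outside the hunk, but the close itself should be unconditional, `int status = _pclose(fp); return status;`. The `pid` parameter is unused here because `_pclose` waits on the child it spawned, which deserves a one-line comment: `/* pid is unused on Windows: _pclose() waits for the child itself */`.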
@@ -21,22 +26,19 @@ get_out_str(std::string env_str, std::string valgrind_str, std::string sys_str, out_str_p = " (.\\printf.exe \\x" + binstr_to_hex(env_str) + "\") " + "'" + path_str + "' (.\\printf.exe \\x" + binstr_to_hex(sys_str) + ")" + always_arg + " " + fuzz_after + - "; echo $LastExitCode"; // for windows compatibility + "; echo $LastExitCode"; } if (env_str == "") { out_str_p = "'" + path_str + "' (.\\printf.exe \\x" + binstr_to_hex(sys_str) + ") " + always_arg + " " + fuzz_after + - "; echo $LastExitCode"; // also for win compatibility + "; echo $LastExitCode"; } - // out_str = env_str + "(Start-Job {& '" + path_str + "' " + sys_str + " " + - // always_arg + " " + fuzz_after; + /* shit for windows compatibility through powershell */ out_str = "$(" + env_str + " " + path_str + " " + sys_str + " " + always_arg + " " + fuzz_after; } - //out_str = - // out_str + "; echo $LastExitCode} | Receive-Job -Wait)"; // get the signal out_str = out_str + "); echo $lastexitcode"; - std::vector out_all; + std::vector out_all; out_all.push_back(out_str); out_all.push_back(out_str_p); return (out_all); diff --git a/src/win/sys_string_pc.cpp b/src/win/sys_string_pc.cpp index 8e58d6a..480060d 100644 --- a/src/win/sys_string_pc.cpp +++ b/src/win/sys_string_pc.cpp @@ -4,6 +4,11 @@ * Marshall Whittaker / oxagast */ +// __ _ _ __ ___ __ ____ ____ +// / ( \/ )/ _\ / __)/ _\/ ___(_ _) +// ( O ) (/ ( (_ / \___ \ )( +// \__(_/\_\_/\_/\___\_/\_(____/(__) + #include #include #include
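Review bot: `binstr_to_hex` (bin2hex.cpp hunk in this commit) already returns its output prefixed with `\x`, yet `get_out_str` prepends another literal `\\x` in `" (.\\printf.exe \\x" + binstr_to_hex(env_str)` and again before `binstr_to_hex(sys_str)` in both branches, so the PowerShell command reads `.\printf.exe \x\x41…`; unless the shipped printf.exe tolerates a bare `\x`, drop the literal: `" (.\\printf.exe " + binstr_to_hex(env_str) + "\") "`. When the helper returns the empty string (its `\x20\x20` case) the argument collapses to a lone `\x`, another reason to let the helper own the prefix. `get_out_str` begins before this hunk, so the opening quote matched by the `"\") "` fragment and the reason `path_str` is single-quoted in `out_str_p` but spliced bare into `out_str` are not visible; a comment that names the two forms — e.g. `/* PowerShell form: run the target inside $( ) so the trailing echo reports $lastexitcode */` — would help more than the added `/* shit for windows compatibility through powershell */`.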