As written on the esage lab website, home of the IOCTL Fuzzer's creators:
"IOCTL Fuzzer is a command line tool designed to automate searching vulnerabilities in Windows kernel drivers by performing fuzz tests on them."
When started without a configuration, the tool runs in a useful monitor mode that logs IRPs. From the log we can see the driver, device, process and IOCTL code of each IRP; these are what we need to build a configuration for the fuzzer.
Example of use: ioctl_fuzzer > log
Wandering through the log to find what we are looking for can take a while; that's where IOCTL filter comes in handy.
It's a Python script written to organize IOCTL Fuzzer logs better and find immediately what we need.
Example of use: python ioctl_fuzzer.py -p process <> out
It takes the log from stdin and writes to stdout; with the -p, -e and -r options we can keep only the processes, devices or drivers, respectively, whose name contains a word we are interested in.
In the example we are interested in all processes whose name contains "process".
With the information retrieved, we can then build a configuration XML to fuzz the IRPs we are interested in.
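As an added example (not the original IOCTL filter script, whose exact log format the post does not show), a small Python filter along the same lines: it parses constructed log lines in an assumed "driver device process IOCTL code" layout, applies the -p/-e/-r substring filters, and collects the distinct driver/device/IOCTL triples that a fuzz configuration would need.

```python
import argparse
import re
import sys
from dataclasses import dataclass
from typing import Iterable, Iterator, List, Optional
# Assumed line layout, one IRP per line (the real IOCTL Fuzzer monitor output may differ):
#   <driver> <device> <process> IOCTL <hex control code>
LINE_RE = re.compile(
    r"^(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<process>\S+)\s+IOCTL\s+(?P<ioctl>0x[0-9a-fA-F]+)$"
)
# Constructed sample log (not real fuzzer output); the first line is a banner to be skipped.
SAMPLE_LOG = """\
IOCTL Fuzzer monitor mode started
example.sys \\Device\\ExampleDev myprocess.exe IOCTL 0x00222004
other.sys \\Device\\Other svchost.exe IOCTL 0x0022200c
example.sys \\Device\\ExampleDev myprocess.exe IOCTL 0x00222004
example.sys \\Device\\ExampleDev process_b.exe IOCTL 0x00222008
"""

@dataclass(frozen=True)
class IrpRecord:
    driver: str
    device: str
    process: str
    ioctl: int

def parse_log(lines: Iterable[str]) -> Iterator[IrpRecord]:
    """Yield one record per IRP line; banners and malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield IrpRecord(m["driver"], m["device"], m["process"], int(m["ioctl"], 16))

def filter_records(records: Iterable[IrpRecord], process: Optional[str] = None,
                   device: Optional[str] = None, driver: Optional[str] = None) -> List[IrpRecord]:
    """Keep records whose fields contain every given substring (case-insensitive), like -p/-e/-r."""
    wanted = [(f, v.lower()) for f, v in (("process", process), ("device", device), ("driver", driver)) if v]
    return [r for r in records if all(v in getattr(r, f).lower() for f, v in wanted)]

def unique_ioctls(records: Iterable[IrpRecord]) -> List[tuple]:
    """Distinct (driver, device, ioctl) triples: the entries worth putting in a fuzz configuration."""
    return sorted({(r.driver, r.device, r.ioctl) for r in records})

if __name__ == "__main__":
    ap = argparse.ArgumentParser(description="Filter IOCTL Fuzzer monitor logs (stdin -> stdout)")
    for flag, name in (("-p", "process"), ("-e", "device"), ("-r", "driver")):
        ap.add_argument(flag, dest=name)
    a = ap.parse_args()
    for r in filter_records(parse_log(sys.stdin), a.process, a.device, a.driver):
        print(f"{r.driver} {r.device} {r.process} IOCTL 0x{r.ioctl:08x}")
```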
regards