part 2 step 0

hw5/hw5.md

@@ -45,12 +45,12 @@ As understood in the Step 0 instructions, we have already applied the `ceeb4f4`
 
 ## Step-3 Fuzzing
 
-We begin the fuzzing process running the supplied command
+We begin the fuzzing process running the supplied command.
 ```
 afl-fuzz -d -i $AFLNET/tutorials/live555/in-rtsp -o out-live555 -N tcp://127.0.0.1/8554 -x $AFLNET/tutorials/live555/rtsp.dict -P RTSP -D 10000 -q 3 -s 3 -E -K -R ./testOnDemandRTSPServer 8554
 ```
 
-It seems off to a good start, and I will let this run for some time and check back later. In this case, I will use the provided seed corpus.
+It seems off to a good start, and I will let this run for some time and check back later. Due to the time investment of this fuzzing effort, I will use the provided seed corpus and not the one I generted in step 1. Though I am mostly confident I followed step 1 correctly, I do not wish to find out in a day that I may have made a mistake.
 
 ![begin-fuzz](./part1/step3/begin-fuzz.png)
 
@@ -76,11 +76,103 @@ Here is another example of performing and `aflnet-replay` with one of the replay
 
 # Part 2 - Our own example
 
-I will run through this exercise again choosing my own example. In this case, I have chosen to follow the [OpenSSH Example](https://github.com/profuzzbench/profuzzbench/tree/master/subjects/SSH/OpenSSH)
+I will run through this exercise again choosing my own example from the other provided tutorials in this container. In the `$AFLNET/tutorials` directory, we see some options
+
+![tutorials](./part2/tutorials.png)
+
+I will choose to focus on the ippsample, which seems to be a fuzzing exercise for the Internet Printing Protocol (IPP). Included in this tutorial is a README, so I now will show my progress following along the steps provided there.
+
+## Step-0. Server compilation & setup
+
+I'll run the following bash commands to ensure I am fuzzing the correct version
+
+```bash
+export WORKDIR=$(pwd)
+cd $WORKDIR
+# Install requirements
+sudo apt-get -qq update
+sudo apt-get install -y build-essential autoconf avahi-daemon avahi-utils cura-engine libavahi-client-dev libfreetype6-dev libgnutls28-dev libharfbuzz-dev libjbig2dec0-dev libjpeg-dev libmupdf-dev libnss-mdns libopenjp2-7-dev libpng-dev zlib1g-dev net-tools iputils-ping vim avahi-daemon tcpdump man curl git
+# Clone ippsample repository
+git clone https://github.com/istopwg/ippsample.git ippsample
+# Move to the folder
+cd ippsample
+# Checkout a specific version
+git checkout 1ee7bcd4d0ed0e1e49b434c0ab296bb0c9499c0d
+# Compile source
+CC=$AFLNET/afl-clang ./configure
+make clean all
+```
+
+At this point, I've installed the packages, cloned the repository, and checked out the designated commit
+
+![checkout](./part2/step0/checkout.png)
+
+Running the make command has also worked
+
+![make](./part2/step0/make.png)
+
+I can also see the server directory is populated as expected
+
+![server](./part2/step0/server.png)
+
+Once ippsample source code has been successfully compiled, we should see the server under test (ippserver) in the server folder. We can test the server by running the following commands using the client ipptool (tools folder).
+I strongly suggest you to create a RAM disk for the printing spooler.
+
+I now will run the following commands to create the RAM disk, and test the ipp server.
+
+```bash
+# Create a RAM disk
+mkdir /tmp/afl-ramdisk
+chmod 777 /tmp/afl-ramdisk
+sudo mount -t tmpfs -o size=512M tmpfs /tmp/afl-ramdisk
+export AFL_TEMP=/tmp/afl-ramdisk
+mkdir $AFL_TEMP/spool
+# Move to the folder containing ippserver
+cd $WORKDIR/ippsample/server
+# Run ippserver on port 631 (-p), adding MIME type support for text/plain (-f), spool in RAM disk (-d), with verbose output (-vvvv)
+# You may need to run the following command with sudo
+# WARNING: if you have cups installed, you should first stop it
+./ippserver -p 631 -f text/plain -d $AFL_TEMP/spool -vvvv printerName 
+# If you have problem starting ippserver, you should need to start following services:
+# sudo service dbus start && sudo service avahi-daemon
+# In this example we try to print a txt and to cancel the printing job
+# From another terminal, move to the folder containing ipptool (client)
+cd $WORKDIR/ippsample/tools
+# To get the URI of the printer(s), run ippfind
+./ippfind
+# Record traffic data with tcpdump
+sudo tcpdump -i lo port 631 -w printAndCancelCurrentJobReq.pcap
+# Run client to send a print request for the txt file (-f), produce a test report (-t), verbose output (-v), followed by the URI of the printer
+./ipptool -f ../examples/testfile.txt -t -v ipp://127.0.0.1:631/ipp/print ../examples/print-job.test 
+# Run client to send a cancel job request for the job number 1 (-d), produce a test report (-t), verbose output (-v), followed by the URI of the printer
+# You should run the following command immediately after the previus one
+# If you aren't fast enough, you can edit the ../examples/print-job.test file to print more copies, for example 100: ATTR integer copies 100
+./ipptool -t -v -d job-id=1 ipp://127.0.0.1:631/ipp/print ../examples/cancel-job.test
+# If you get an error for job-id 1, stop the server and start it again, or change the job-id value in -d.
+```
+
+At the point shown here, I have the ipp server running, and I can see an address with ipp find
+![ippfind](./part2/step0/ippfind.png)
+
+Now, we've run the commands to send the print job and cancle it, along with taking a tcpdump at the time designated as [`printAndCancelCurrentJobReq.pcap`](./part2/step0/printAndCancelCurrentJobReq.pcap)
+
+![capture](./part2/step0/capture.png)
+
+## Step-1. Prepare message sequences as seed inputs
+
+We have prepared a seed corpus to fuzz ippserver. If you want to create your own seed corpus, please follow the tutorial for fuzzing Live555 RTSP server included in the main AFLNet README.md.
+In this case we have 2 seed inputs, one for the print request and one for the cancel job.
+
+## Step-2. Fuzzing
+
+```bash
+cd $WORKDIR/ippsample/server
+cp $AFLNET/tutorials/ippsample/ippcleanup.sh ./
+chmod +x ippcleanup.sh
+# Edit the ippcleanup.sh with the spool directory you choosed (/tmp/afl-ramdisk/spool in this case)
+# You may need to run the following command with sudo
+afl-fuzz -d -i $AFLNET/tutorials/ippsample/in-ipp/ -o out-ipp/ -N tcp://127.0.0.1/631 -x $AFLNET/tutorials/ippsample/ipp.dict -P IPP -D 100000 -t 2000 -q 3 -s 3 -E -K -R -m 150 -c ippcleanup.sh ./ippserver -p 631 -f text/plain -d /tmp/afl-ramdisk/spool printerName
+```
 
-## Step-1. Build a docker image
-## Step-2. Run fuzzing
-## Step-3. Collect the results
-## Step-4. Analyze the results
 
 

hw5/part2/Dockerfile

@@ -1,131 +0,0 @@
-FROM ubuntu:20.04
-
-# Install common dependencies
-ENV DEBIAN_FRONTEND=noninteractive
-RUN apt-get -y update && \
-    apt-get -y install sudo \ 
-    apt-utils \
-    build-essential \
-    openssl \
-    clang \
-    graphviz-dev \
-    git \
-    autoconf \
-    libgnutls28-dev \
-    libssl-dev \
-    llvm \
-    python3-pip \
-    nano \
-    net-tools \
-    vim \
-    gdb \
-    netcat \
-    strace \
-    wget
-
-# Add a new user ubuntu, pass: ubuntu
-RUN groupadd ubuntu && \
-    useradd -rm -d /home/ubuntu -s /bin/bash -g ubuntu -G sudo -u 1000 ubuntu -p "$(openssl passwd -1 ubuntu)"
-
-RUN chmod 777 /tmp
-
-RUN pip3 install gcovr==4.2
-
-# Use ubuntu as default username
-USER ubuntu
-WORKDIR /home/ubuntu
-
-# Import environment variable to pass as parameter to make (e.g., to make parallel builds with -j)
-ARG MAKE_OPT
-
-# Set up fuzzers
-RUN git clone https://github.com/profuzzbench/aflnet.git && \
-    cd aflnet && \
-    make clean all $MAKE_OPT && \
-    cd llvm_mode && make $MAKE_OPT
-
-RUN git clone https://github.com/profuzzbench/aflnwe.git && \
-    cd aflnwe && \
-    make clean all $MAKE_OPT && \
-    cd llvm_mode && make $MAKE_OPT
-
-# Set up environment variables for AFLNet
-ENV WORKDIR="/home/ubuntu/experiments"
-ENV AFLNET="/home/ubuntu/aflnet"
-ENV PATH="${PATH}:${AFLNET}:/home/ubuntu/.local/bin:${WORKDIR}"
-ENV AFL_PATH="${AFLNET}"
-ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 \
-    AFL_SKIP_CPUFREQ=1 \
-    AFL_NO_AFFINITY=1
-
-
-RUN mkdir $WORKDIR
-
-USER root
-RUN apt-get -y install sshpass
-
-
-COPY --chown=ubuntu:ubuntu rand.patch ${WORKDIR}/rand.patch
-COPY --chown=ubuntu:ubuntu rand.inc ${WORKDIR}/rand.inc
-
-# Set up environment variables for ASAN
-env ASAN_OPTIONS='abort_on_error=1:symbolize=0:detect_leaks=0:detect_stack_use_after_return=1:detect_container_overflow=0:poison_array_cookie=0:malloc_fill_byte=0:max_malloc_fill_size=16777216'
-
-
-# Download and compile OpenSSL 1.0.2
-# (for compatibility with older OpenSSH used in this benchmark)
-RUN cd ${WORKDIR} && \
-    git clone https://github.com/openssl/openssl openssl && \
-    cd openssl && \
-    git checkout 12ad22d && \
-    ./Configure linux-x86_64-clang shared --prefix=$WORKDIR/openssl-install && \
-    make $MAKE_OPT && \
-    make install
-
-ENV LD_LIBRARY_PATH="${WORKDIR}/openssl-install/lib"
-
-# Download and compile OpenSSH for fuzzing
-RUN cd ${WORKDIR} && \
-    git clone https://github.com/vegard/openssh-portable.git openssh && \
-    cd openssh && \
-    git checkout 7cfea58 && \
-    cp ${WORKDIR}/rand.inc . && \
-    patch -p1 < ${WORKDIR}/rand.patch && \
-    autoreconf && \
-    ./configure \
-    CC="afl-clang-fast" \
-    CFLAGS="-g -O3 -I$WORKDIR/openssl-install/include" \
-    --prefix=$PWD/install \
-    --with-openssl=$WORKDIR/openssl-install \
-    --with-ldflags="-L$WORKDIR/openssl-install/lib" \
-    --with-privsep-path=$PWD/var-empty \
-    --with-sandbox=no \
-    --with-privsep-user=ubuntu && \
-    AFL_USE_ASAN=1 make $MAKE_OPT && \
-    make install
-
-# Download and compile OpenSSH for coverage analysis
-RUN cd ${WORKDIR} && \
-    git clone https://github.com/vegard/openssh-portable.git openssh-gcov && \
-    cd openssh-gcov && \
-    git checkout 7cfea58 && \
-    cp ${WORKDIR}/rand.inc . && \
-    patch -p1 < ${WORKDIR}/rand.patch && \
-    autoreconf && \
-    ./configure \
-    CC="gcc" \
-    CFLAGS="-g -O3 -fprofile-arcs -ftest-coverage -I$WORKDIR/openssl-install/include" \
-    LDFLAGS="-fprofile-arcs -ftest-coverage" \
-    --with-openssl=$WORKDIR/openssl-install \
-    --with-ldflags="-L$WORKDIR/openssl-install/lib" \
-    --prefix=$PWD/install \
-    --with-privsep-path=$PWD/var-empty \
-    --with-sandbox=no \
-    --with-privsep-user=ubuntu && \
-    make $MAKE_OPT && \
-    make install
-
-COPY --chown=ubuntu:ubuntu in-ssh ${WORKDIR}/in-ssh
-COPY --chown=ubuntu:ubuntu ssh.dict ${WORKDIR}/ssh.dict
-COPY --chown=ubuntu:ubuntu cov_script.sh ${WORKDIR}/cov_script
-COPY --chown=ubuntu:ubuntu run.sh ${WORKDIR}/run