finish hw5

hw5/hw5.md

@@ -115,9 +115,6 @@ I can also see the server directory is populated as expected
 
 ![server](./part2/step0/server.png)
 
-Once ippsample source code has been successfully compiled, we should see the server under test (ippserver) in the server folder. We can test the server by running the following commands using the client ipptool (tools folder).
-I strongly suggest you to create a RAM disk for the printing spooler.
-
 I now will run the following commands to create the RAM disk, and test the ipp server.
 
 ```bash
@@ -189,8 +186,22 @@ Now we start fuzzing
 
 ![afl-start](./part2/step2/afl-start.png)
 
-TODO: end of fuzzing
+After 3 days, and 11 hours I've decided to wrap up the fuzzing. At this point, we have found 2 total and unique crashes
 
-## Step-4 Reproducing
+![afl-end](./part2/step2/afl-end.png)
+
+## Step-3 Reproducing
+
+Shown here are the two replayable crashes found above
+
+![replayable-crashes](./part2/step3/replayable-crashes.png)
+
+Finally, here is my attempt to reproduce the crash. On the left terminal I am running the IPP server and on the right terminal I am using afl-replay via `afl-replay id\:000000\,sig\:11\,src\:001654+000723\,op\:splice\,rep\:128 IPP 631`. I can see the server did not like the input and reported "A TLS pack with an unexpected length was recieved"
+
+![reproduce](./part2/step3/reproduce.png)
+
+While this input did have a negative effect on the server, it did not seem to "crash" as I would expect. The second "replayable crash" also caused a similar effect on the server, with the same TLS error reported but no crash. Unlike the live55 tutorial, a `CVE-*.poc` does not seem to be provided for me to test against to cause an explicit crash. 
+
+Overall, things went pretty well with these tutorials and this was an interesting experience using AFL to fuzz network applications.