Nginx exploit writing weekend

John W8MEJ Menerick · July 11, 2019

Nginx   Exploit Writing   Fuzzing   Security Research   Scheduler Optimization   Fuzzing Tools   Nginx Exploits

This weekend will be ripe of opportunities for #nginx #exploit writing. Trying a new scheduler algorithm and Stensal’s compiler against nginx’s stable code base.

-————————————————–

@meteor:~# afl-whatsup ~/Repository/FuzzMe/Nginx/sbin/findings/

status check tool for afl-fuzz by <[email protected]> with scheduler optimizations by <[email protected]> and <[email protected]>

Individual fuzzers

==================

fuzzer01 (4 days, 13 hrs) «<

cycle 1, lifetime speed 108 execs/sec, path 2626/3234 (81%)

pending 116/2979, coverage 13.58%, 92 crashes

fuzzer02 (4 days, 13 hrs) «<

cycle 429, lifetime speed 152 execs/sec, path 3562/4483 (79%)

pending 0/5, coverage 13.58%, 34 crashes

………

Summary stats

1;;1;;1;;;1;;1;;1;;1;;1;;1;;1;;1;;1;;1;;

Fuzzers alive : 5

Total run time : 22 days, 17 hours

Total execs : 264 million

Cumulative speed : 669 execs/sec

Pending paths : 116 faves, 2999 total

Pending per fuzzer : 23 faves, 599 total (on average)

Crashes found : 471 locally unique

Share on: