好的,我现在需要帮用户总结一篇文章的内容,控制在100字以内。首先,我得仔细阅读用户提供的文章内容,理解其主要观点和结构。 文章开头提到作者对二进制和源代码的热爱,特别是栈溢出攻击。接着他转向使用 AFL++ 对 Meta 的开源项目 netconsd 进行模糊测试,并提到了使用 libdesock 库来实现 desocketing。这些信息是关键点。 接下来,我需要将这些要点浓缩成一段简洁的文字。要注意不要使用“文章内容总结”之类的开头,直接描述内容即可。同时,要确保语言流畅,信息准确。 可能的结构是:作者讲述他对栈溢出的兴趣,然后介绍他如何用 AFL++ 和 libdesock 对 netconsd 进行模糊测试。这样既涵盖了主要兴趣点,又说明了具体的方法和项目。 最后检查字数,确保不超过100字,并且没有遗漏重要信息。 </think> 作者分享了对栈溢出攻击的热爱,并介绍了如何使用AFL++和libdesock对Meta的开源项目netconsd进行模糊测试。 2026-1-26 09:11:41 Author: infosecwriteups.com(查看原文) 阅读量:0 收藏
Hello everyone,
Working with binaries and source code have been my passion since I started hacking. The first topic I stumbled upon when I started learning was stack based buffer overflows, the topic was very interesting and enjoyable for me, and it felt like black magic, a bunch of seemingly random hexadecimal bytes and voilà a shell.
I believe many people fell the same since whenever someone drops a shell during a talk, and even though it’s just a demo, you hear people clapping.
I started focusing lately on binary and open source targets during my hunt, either by reviewing the source code or creating a fuzz harness to fuzz the application, in hopes to find interesting crashes.
In this article, I will walk you through the process of writing a fuzz harness for one of Meta’s open source projects (netconsd), netconsd is a daemon for receiving and processing logs from the Linux Kernel, and it’s written in c++, there’ve been some efforts to reimplement it in rust, but based on the last few commits it seems that the plan changed, and it’s not happening for some reason.
When fuzzing network applications using afl++ you have some options, one of them “desocketing” using a library like libdesock, this will allow the application to read from stdin instead of reading packets through the network.
如有侵权请联系:admin#unsafe.sh