Peach 3 Dumb Fuzz Tutorial - Unable to locate WinDbg - fuzzing

I am attempting a quick tutorial on fuzz testing and using Peach Fuzzer to do so. After running the fuzzer, i receive the error:
Could not start monitor "WindowsDebugger". Error, unable to locate WinDbg please specify using "WinDbgPath" parameter.
I'm really unsure how to begin fixing this problem. Any help would be appreciated.

Where is your WindowsDebugger? It would have to reside on the machine that is running the program that is being fuzzed.
Also, what does your peach pit look like for the Agent entity? Does it look similar to something like this?
<Agent name="RemoteAgent" location="tcp://127.0.0.1:9001">
<!-- Run and attach windbg to a vulnerable server. -->
<Monitor class="WindowsDebugger">
<Param name="CommandLine" value="C:\Documents and Settings\Administrator\Desktop\vulnserver\vulnserver.exe"/>
<Param name="WinDbgPath" value="C:\Program Files\Debugging Tools for Windows (x86)" />
</Monitor>
</Agent>
You can also follow along with this blog post I wrote about using Peach 3 to fuzz a sample network server called VulnServer, http://rockfishsec.blogspot.com/2014/01/fuzzing-vulnserver-with-peach-3.html

Related

Tool for explore and query ETW logs from Service Fabric on premise

I’m looking for a tool that will allow me to explore and query/search in logs from service fabric written in etl format. I tried to use MessageAnalyzer but it was loading long time and hangs, second tool windows logs explorer but after conversion to evtx logs looks like below and are useless for me:
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-ServiceFabric" Guid="{cbd93bc2-71e5-4566-b3a7-595d8eeca6e8}" />
<EventID>65534</EventID>
<Version>1</Version>
<Level>0</Level>
<Task>65534</Task>
<Opcode>254</Opcode>
<Keywords>0xffffffffffffff</Keywords>
<TimeCreated SystemTime="2018-08-17T14:11:30.484723000Z" />
<EventRecordID>11534</EventRecordID>
<Correlation />
<Execution ProcessID="14332" ThreadID="5124" ProcessorID="3" KernelTime="9" UserTime="63" />
<Channel />
<Computer>Machine Name</Computer>
<Security />
</System>
- <ProcessingErrorData>
<ErrorCode>15003</ErrorCode>
<DataItemName />
<EventPayload>0101005B69002C006F6E3D223022206C657..74656D706C6174653D22537461727441735072696D61727941726773222F3E0D0A20203C6576656E742076</EventPayload>
</ProcessingErrorData>
</Event>
I saw that on Azure (https://channel9.msdn.com/Events/dotnetConf/2018/S208 0 on 35 minute) there is option to use Application Insights to query result. Is there any tool that allow me to do this locally?
I generally use PerfView for most ETW Log analysis. It provides very good filter capabilities on the raw files without need to convert the logs to any format other format, also is very lightweight to process huge log files.
The Good side of using Tools like Log Analytics on OMS or Application Insights is that it provides advanced features like Alerting, Aggregation and SQL like queries on these same events. Also, after setup, you don't have to handle large log files(generally in the hosted on a Blob storage) to find logs for the application.
For Development, PerfView does the job, for production analysis I would recommend you go for OMS or AppInsights.
The only downside from LogAnalitics is that the events are not shown in real time, it takes a few minutes before you can see then in the portal, but is still faster than finding and copying the files for analysis on PerfView or other tools.

CXF DOSGI ZOOKEEPER

Good morning,
I'm looking for help please.I'm only a beginner.
I am using cxf-dosgi from (DOSGi Apache Karaf Feature distribution)
I want to make transparent use of services between two remote machines. So I have a karaf container on each of these two machines.
I tested this example : to start with two containers karaf hosted on the same machine then I changed the configuration to test with two containers hosted on two different remote machines. And it works great !
So I want to do the same thing to export to export my web services. I am using Spring DM. So I do this on the server side :
<osgi:service id="osgi-service" ref="myservice" interface="org.apache.camel.Endpoint"> <osgi:service-properties> <entry key="name" value="service"/> <entry key="service.exported.interfaces" value="*"/> </osgi:service-properties> </osgi:service>
I did the installations like in the tutorial with cxf dosgi version 1.6 But I get this error:
16:25:53,256 | ERROR | pool-21-thread-3 | w.service.RemoteServiceAdminCore 193 | 184 - cxf-dosgi-ri-dsw-cxf - 1.6.0 | failed to create server for interface org.apache.camel.Endpoint
java.lang.NullPointerException
at java.lang.reflect.Array.newArray(Native Method)[:1.7.0_79]
at java.lang.reflect.Array.newInstance(Array.java:70)[:1.7.0_79]
at org.apache.cxf.aegis.type.TypeUtil.getTypeRelatedClass(TypeUtil.java:259)
at org.apache.cxf.aegis.type.AbstractTypeCreator.createTypeForClass(AbstractTypeCreator.java:108)
at org.apache.cxf.aegis.type.AbstractTypeCreator.createType(AbstractTypeCreator.java:402)
at org.apache.cxf.aegis.type.basic.BeanTypeInfo.getType(BeanTypeInfo.java:192)
at org.apache.cxf.aegis.type.basic.BeanType.getDependencies(BeanType.java:547)
at org.apache.cxf.aegis.databinding.AegisDatabinding.addDependencies(AegisDatabinding.java:394)
at org.apache.cxf.aegis.databinding.AegisDatabinding.addDependencies(AegisDatabinding.java:399)
at org.apache.cxf.aegis.databinding.AegisDatabinding.addDependencies(AegisDatabinding.java:399)
at org.apache.cxf.aegis.databinding.AegisDatabinding.initializeMessage(AegisDatabinding.java:371)
at org.apache.cxf.aegis.databinding.AegisDatabinding.initializeOperation(AegisDatabinding.java:283)
at org.apache.cxf.aegis.databinding.AegisDatabinding.initialize(AegisDatabinding.java:242)
at org.apache.cxf.service.factory.AbstractServiceFactoryBean.initializeDataBindings(AbstractServiceFactoryBean.java:86)
at org.apache.cxf.service.factory.ReflectionServiceFactoryBean.buildServiceFromClass(ReflectionServiceFactoryBean.java:490)
at org.apache.cxf.service.factory.ReflectionServiceFactoryBean.initializeServiceModel(ReflectionServiceFactoryBean.java:550)
at org.apache.cxf.service.factory.ReflectionServiceFactoryBean.create(ReflectionServiceFactoryBean.java:265)
at org.apache.cxf.frontend.AbstractWSDLBasedEndpointFactory.createEndpoint(AbstractWSDLBasedEndpointFactory.java:102)
at org.apache.cxf.frontend.ServerFactoryBean.create(ServerFactoryBean.java:159)
at org.apache.cxf.dosgi.dsw.handlers.AbstractPojoConfigurationTypeHandler.createServerFromFactory(AbstractPojoConfigurationTypeHandler.java:191)
at org.apache.cxf.dosgi.dsw.handlers.PojoConfigurationTypeHandler.createServer(PojoConfigurationTypeHandler.java:119)
at org.apache.cxf.dosgi.dsw.service.RemoteServiceAdminCore.exportInterfaces(RemoteServiceAdminCore.java:184)
at org.apache.cxf.dosgi.dsw.service.RemoteServiceAdminCore.exportService(RemoteServiceAdminCore.java:140)
at org.apache.cxf.dosgi.dsw.service.RemoteServiceAdminInstance$1.run(RemoteServiceAdminInstance.java:59)
at org.apache.cxf.dosgi.dsw.service.RemoteServiceAdminInstance$1.run(RemoteServiceAdminInstance.java:57)
at java.security.AccessController.doPrivileged(Native Method)[:1.7.0_79]
at org.apache.cxf.dosgi.dsw.service.RemoteServiceAdminInstance.exportService(RemoteServiceAdminInstance.java:57)[184:cxf-dosgi-ri-dsw-cxf:1.6.0]
at org.apache.cxf.dosgi.dsw.service.RemoteServiceAdminInstance.exportService(RemoteServiceAdminInstance.java:41)[184:cxf-dosgi-ri-dsw-cxf:1.6.0]
at org.apache.cxf.dosgi.topologymanager.exporter.TopologyManagerExport.exportServiceUsingRemoteServiceAdmin(TopologyManagerExport.java:185)[183:cxf-dosgi-ri-topology-manager:1.6.0]
at org.apache.cxf.dosgi.topologymanager.exporter.TopologyManagerExport.doExportService(TopologyManagerExport.java:168)[183:cxf-dosgi-ri-topology-manager:1.6.0]
at org.apache.cxf.dosgi.topologymanager.exporter.TopologyManagerExport$3.run(TopologyManagerExport.java:143)[183:cxf-dosgi-ri-topology-manager:1.6.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)[:1.7.0_79]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)[:1.7.0_79]
at java.lang.Thread.run(Thread.java:745)[:1.7.0_79]
Have you an idea of what is wrong?
Ouch .. what are you doing with 1.4-SNAPSHOT. First it is not a release and second it is quite old.
Another thing that looks suspicious is the service.exported.interfaces=myInterface. It should be a fully qualified java interface name. For the start try service.exported.interfaces=* for it.
You should start with my CXF DOSGi tutorial. The code there should work out of the box. You can then add your changes in the config. So it is easier than to start completely new.

Error when running a bpel process in ode

I'm trying to learn to work with bpel. I choose Eclipse Bpel Designer and apache ode (on a tomcat server) in order to experiment. The process I tried to model was a loan process. It has 3 services: a creditRate service (written in eclipse bpel designer and deployed befo-hand an tested that it works), a currency converter service, and the main orchestration process. While I had no errors on deployment when testing the web service from eclipse following errors occur:
ERROR [ExternalService] Error sending message to Axis2 for ODE mex
{PartnerRoleMex#hqejbhcnphr87mcnd0np43 [PID
{CreditBuletinNamespace}CreditBuletin-137] calling
org.apache.ode.bpel.epr.WSAEndpoint#a64453.getRating(...) Status
REQUEST} org.apache.ode.axis2.OdeFault: Binding operation not found:
service {http://www.webserviceX.NET/}CurrencyConvertor port
CurrencyConvertorSoap name getRating. at
org.apache.ode.axis2.util.SoapMessageConverter.createSoapRequest(SoapMessageConverter.java:154)
and
Failure during invoke: Error sending message to Axis2 for ODE mex
{PartnerRoleMex#hqejbhcnphr87mcnd0np43 [PID
{CreditBuletinNamespace}CreditBuletin-137] calling
org.apache.ode.bpel.epr.WSAEndpoint#a64453.getRating(...) Status
REQUEST} 21:09:14,421 INFO [BpelRuntimeContextImpl] ActivityRecovery:
Registering activity 19, failure reason: Error sending message to
Axis2 for ODE mex {PartnerRoleMex#hqejbhcnphr87mcnd0np43 [PID
{CreditBuletinNamespace}CreditBuletin-137] calling
org.apache.ode.bpel.epr.WSAEndpoint#a64453.getRating(...) Status
REQUEST} on channel 33
Can someone help me out with a solution? I have searched for some solution but have not found one that works. It may be that due to my poor knowledge I am not searching right or not doing something right. Because this description may be confusing I have attached my solution because I believe they will tell more of what I'm trying to do and how wrong I am doing it. http://www.mediafire.com/?9bjgt44spln1zwr
Thank-you in advance
EDIT: after doing an iterative approach (as sugested in the first answer) it seems that the external conversion service was not responding from ode. This is strange because the service worked from the browser and no error was reported when deplying. Again because of my poor knowledge I believe code speaks better than my phrasing. I have made an eclipse project just with the external currency convertor. Any help / guidance is heartly appreciated. Thank you in advance. http://www.mediafire.com/?56csca1qgt5ka9a
Your CreditRating process works fine, the error lies in the CreditBuletin process. When I test this one with soapUI, I get a selectionFailure. This error in BPEL tells you that something is wrong with a from or to in your process.
To outline the problem here is a very simplified version of the activities of your CreditBuletin process, reduced to just the initial receive, the final reply and one of your assign activities inbetween. You can paste this into the main sequence of your process to reproduce the problem.
<bpel:receive name="receiveInput" partnerLink="clientInput" operation="getLoan" portType="tns:CreditBuletinPT" variable="receiveInput" createInstance="yes"></bpel:receive>
<bpel:assign validate="no" name="AssignFinal">
<bpel:copy>
<bpel:from>
<bpel:literal>
<tns:SumaRON xmlns:tns="CreditBuletinNamespace" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<output>0</output>
</tns:SumaRON>
</bpel:literal>
</bpel:from>
<bpel:to variable="outputResult" part="parameters"></bpel:to>
</bpel:copy>
<bpel:copy>
<bpel:from>
<![CDATA[$loanWithInterest * bpel:getVariableData('CurrencyRateInputResponse','parameters','ConversionRateResult')]]>
</bpel:from>
<bpel:to part="parameters" variable="outputResult">
<bpel:query queryLanguage="urn:oasis:names:tc:wsbpel:2.0:sublang:xpath1.0">
<![CDATA[output]]>
</bpel:query>
</bpel:to>
</bpel:copy>
</bpel:assign>
<bpel:reply name="outputResult" partnerLink="clientInput" operation="getLoan" portType="tns:CreditBuletinPT" variable="outputResult"></bpel:reply>
You are trying to assign the same variable twice, first with a default initialization. This doesn't make much sense, but for some reason the BPEL editor generates these initializations on default. You get a correct reply, if you change the from statement in the second copy to something else, for instance
<![CDATA[bpel:getVariableData('receiveInput','parameters','suma')]]>
So, your problem(s) come(s) from your from statements, most likely the ones that use the getVariableData() function. Now, I don't want to repair all expressions in your process (because there are many and that is your task), but I suggest to have a look at all of them. Start with a minimal working process, such as the one above with the from exchanged and do incremental updates of functionality while testing each increment. That way, you will eventually end up with something that works.

CruiseControl.NET no connection can be made?

I am setting up CruiseControl.NET and I get the following error message on the webdashboard:
No connection could be made because the target machine actively refused it 127.0.0.1:21234
The Url it is looking for is: tcp://localhost:21234/CruiseManager.rem
However the ccnet website in IIS has its tcp port set to 82.
So I use the following Url to navigate to the webdashboard http://127.0.0.1:82/ccnet/ViewFarmReport.aspx
I tried changing the Tcp port in IIS to 21234 and I get the following error message on the webdashboard:
Tcp channel protocol violation: expecting preamble.
I have also tried opening the port with the following command:
netsh firewall add portopening TCP 21234 CCNET
When I try and start the CCNET service I get the following message
The CruiseControl.NET Server service started then stopped. Some services stop automatically if they have no work to do....
Can anyone help me with this problem please?
EDIT - Adding config file
<cruisecontrol xmlns:cb="urn:ccnet.config.builder">
<cb:define PublishDir="C:\Deploy\Portal2.0Build"/>
<project name="Portal2.0">
<workingDirectory>C:\PortalCruiseControl\Working</workingDirectory>
<artifactDirectory>C:\PortalCruiseControl\Artifacts</artifactDirectory>
<webURL>http://192.168.17.59:82/ccnet</webURL>
<triggers>
<intervalTrigger name="continuous" seconds="10"
buildCondition="IfModificationExists"/>
</triggers>
<sourcecontrol type="svn">
<trunkUrl>https://portal2003.local:8443/svn/portalv2.0/trunk</trunkUrl>
<executable>C:\Program Files (x86)\VisualSVN Server\bin\svn.exe</executable>
<username>ccnet</username>
<password>***</password>
<cleanCopy>true</cleanCopy>
</sourcecontrol>
<tasks>
<msbuild>
<executable>
C:\WINDOWS\microsoft.net\Framework64\v3.5\MSBuild.exe
</executable>
<projectFile>Portal2.0.sln</projectFile>
<buildArgs>
/target:build;publish /p:Configuration=Release /p:MSBuildExtensionsPath=C:\Progra~2\MSBuild /p:MSBuildEmitSolution=1 /p:publishdir=C:\Deploy\Portal2.0Build /verbosity:diag
</buildArgs>
<logger>
C:\Program Files (x86)\CruiseControl.NET\server\ThoughtWorks.CruiseControl.MSBuild.dll
</logger>
</msbuild>
</tasks>
<labeller type="assemblyVersionLabeller">
<major>2</major>
<minor>0</minor>
<incrementOnFailure>false</incrementOnFailure>
</labeller>
<publishers>
<statistics />
<xmllogger />
<package>
<name>ZipFilePublish</name>
<compression>9</compression>
<always>false</always>
<flatten>false</flatten>
<baseDirectory>$(PublishDir)</baseDirectory>
<dynamicValues>
<replacementValue property="name">
<format>C:\Deploy\Builds\PortalBuild{0}.zip</format>
<parameters>
<namedValue name="$CCNetLabel" value="Default" />
</parameters>
</replacementValue>
</dynamicValues>
<files>
<file>*.*</file>
<file>**\*</file>
</files>
</package>
<email from="bla" mailhost="bla" port="25" userName="bla"
password="bla" includeDetails="TRUE" useSSL="FALSE">
<users>
<user name="User1" group="Portal" address=""/>
</users>
<groups>
<group name="Portal">
<notifications>
<notificationType>change</notificationType>
</notifications>
</group>
</groups>
</email>
</publishers>
</project>
The first error message is probably caused by CCNET service not running because of which the web dashboard can't connect to it. It should go away as soon as you fix the ccnet.config so that service starts running.
The second problem ("Ilegal characters in path"; you seem to have already figured out the missing nodes part) is caused by msbuild/executable element. It seems that CC.NET doesn't like whitespace and especially new line characters inside it's value. Replacing:
<executable>
C:\WINDOWS\microsoft.net\Framework64\v3.5\MSBuild.exe
</executable>
with:
<executable>C:\WINDOWS\microsoft.net\Framework64\v3.5\MSBuild.exe</executable>
should fix the problem.
Another hint: when you're having problems with the validity of your ccnet.config file, try using CCValidator.exe (it's in your CruiseControl.NET\server folder). It usually points out the problematic part of the config file quite nicely (although that wasn't the case with "Illegal characters in path" problem - I had to comment out specific parts of the config to find the offending node).
The first message you receive (connection actively refused) makes me think of a firewall which is blocking the port you're using.
The second problem could be anything. It could for instance be an error in your XML configuration (ccnet.config) file. Can you find any pointers in the Windows Eventlog ?
Regarding the 2nd problem: did you try to run the CC.NET server from the command line?
If you've got an error in your XML configuration, this will give you a more meaningful error message.
Which account are you using to run the Windows service?
Have you checked your ccnet's dashboard.config file?
It has the following line in it:
<server name="local" url="tcp://localhost:21234/CruiseManager.rem" ... />
Try changing the port on that to 82 and then restarting the website (you should be just able to add a space to the web.config file and save and IIS will restart the website).
Sounds like you're confusing two different functions:
tcp://localhost:21234
This is the default remoting port for clients like CCTray. This is not used for the IIS web site (dashboard).
Configuration document is likely missing Xml nodes required for properly populating CruiseControl co nfiguration. Missing Xml node (packageList) for required member (ThoughtWorks.CruiseControl.Core.Publishers.Package Publisher.PackageList)
Your example config is missing required packageList node.
A misleading error message. The port really is 21234, not 82. I got the same errors. The fix was to start ccnet.exe from the desktop shortcut to discover that the real problem was illegal code in my ccnet.config file.
After fixing the ccnet.config file, the problem moved on. When attempting to build, the system would not let the subversion client modify the read-only marker files in the checked out repo.
In my case I misprinted project configuration file name in ccnet.config instead of timescheduler.config it were timesheduler. When I fixed file name I was able to run ccnet service.
<cruisecontrol xmlns:cb="urn:ccnet.config.builder">
<cb:include href="definitions.xml" xmlns:cb="urn:ccnet.config.builder"/>
<cb:include href="projects/timescheduler.config" xmlns:cb="urn:ccnet.config.builder"/>
</cruisecontrol>

Why does Log4Net run so slow in my Windows Service?

I have a windows service that uses log4net. We noticed that the service in question was running painfully slow so we attached a debugger to it and stepped through. It appears that each time it tries to write an entry to the log via log4net that it takes anywhere from 10 to 30 seconds before the next line of code can execute. Obviously this adds up...
The service is 2.0 .net
We're using log4Net 1.2.0.30714.
We've tested this on a machine running vista and a machine running win sever 2003 and have seen the same or similar results.
Jeff mentioned a performance problem with Log4Net in Podcast 20. It's possible that you are seeing a similar issue.
It turned out that someone had added an SMPTAppender in a config file which was overriding the one in our app. As a result the errant SMPT server address was unreachable. log4net was trying to log the error for a minute per request and then giving up and going on to the next line of code. Correcting the smtp address fixed the problem.
I have log4net with adonet appender and have not seen any decremental performance of my windows service. what appender are you using?
Check your config file for Log4Net settings. Log4Net can be configured to log to a remote machine, and if the connection is slow, so will be your logging speed.
Well I'm not remoting... this is writing to the log file on the machine it's running on. Here's my appender settings:
<appender name="RollingFileAppender" type="log4net.Appender.RollingFileAppender,log4net">
<file value="D:\\ROPLogFiles\\FileProcessor.txt" />
<appendToFile value="true" />
<datePattern value="yyyyMMdd" />
<rollingStyle value="Date" />
<layout type="log4net.Layout.PatternLayout,log4net">
<param name="ConversionPattern" value="%d [%t] %-5p %c [%x] - %m%n" />
</layout>
<threshold value="INFO" />
</appender>
the default maximum file size is 10mb . if your files are about this size and your file systems is quite full and probably heavily fragmented, it may be possible that the problem lies there. how big are your log files? i encountered similar problems with logfiles at gigabyte size.