Damn Vulnerable C Program: C program containing vulnerable code


This is a simple C program I coded to explain common types of vulnerabilities like:

  1. Integer overflow
  2. Integer underflow
  3. Out-of-bounds read
  4. Out-of-bounds write
  5. Double free
  6. Use after free
  7. Memory leaks

This C program contains vulnerable code for all of the above vulnerabilities, and users can then fuzz it using AFL, honggfuzz, or anything else they want.

How to compile

git clone https://github.com/hardik05/Damn_Vulnerable_C_Program.git

Just type “make” at the command prompt. A Makefile is included.

How to generate input for AFL?

Just create a sample input file as follows, and AFL will take care of the rest:

echo "IMG" > input/1.txt

AFL will automatically generate new test cases and discover most of the vulnerabilities mentioned above. That’s the beauty of AFL 🙂

How to fuzz it using AFL?

1. First compile this program using the following command:

afl-gcc -g -fsanitize=address imgRead.c -o imgread

2. Run this command:

afl-fuzz -i input -o output -m none -- ./imgread @@

How to fuzz it using honggfuzz

1. First compile this program using the following command:

hfuzz-gcc -g -fsanitize=address imgRead.c -o imgread

2. Run this command:

honggfuzz -i input -- ./imgread ___FILE___

How to fuzz using libfuzzer

You need to modify the C code; you can get the updated code from here

1. Compile the program using the following command:

clang -fsanitize=fuzzer,address,undefined -g imgRead_libfuzzer.c -o imgRead_libfuzzer

2. Run this command to fuzz:

./imgRead_libfuzzer
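
What the libFuzzer modification amounts to, as an added example that is not the project's imgRead_libfuzzer.c: libFuzzer passes each test case to LLVMFuzzerTestOneInput as an in-memory buffer, so the parser can no longer open a file from main(). The record layout (a 4-byte header starting with "IMG", then two 32-bit dimensions and the pixel bytes), the MAX_PIXELS cap and the parse_img function are assumptions made for illustration, and the parser is written with the overflow and bounds checks in place.

```c
/* Added example: hypothetical record layout, not the project's code. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_LEN 4          /* assumed: first 3 bytes are "IMG", 4th is ignored */
#define MAX_PIXELS 4096u   /* assumed cap on width * height */

enum { IMG_OK = 0, IMG_SHORT = -1, IMG_BAD_MAGIC = -2,
       IMG_BAD_DIMS = -3, IMG_TRUNCATED = -4 };

/* Parse one record from memory; never reads past data + len. */
int parse_img(const uint8_t *data, size_t len, uint32_t *checksum)
{
    const size_t fixed = HDR_LEN + 2 * sizeof(int32_t);
    int32_t width, height;

    if (len < fixed)
        return IMG_SHORT;               /* guards the header reads below */
    if (memcmp(data, "IMG", 3) != 0)
        return IMG_BAD_MAGIC;
    memcpy(&width, data + HDR_LEN, sizeof width);   /* no unaligned loads */
    memcpy(&height, data + HDR_LEN + sizeof width, sizeof height);

    /* Reject zero/negative sizes and bound the product before multiplying. */
    if (width <= 0 || height <= 0 ||
        (uint32_t)width > MAX_PIXELS / (uint32_t)height)
        return IMG_BAD_DIMS;

    size_t pixels = (size_t)width * (size_t)height;
    if (len - fixed < pixels)
        return IMG_TRUNCATED;           /* payload shorter than header claims */

    uint32_t sum = 0;
    for (size_t i = 0; i < pixels; i++)
        sum += data[fixed + i];
    *checksum = sum;
    return IMG_OK;
}

/* libFuzzer entry point: takes the place of a main() that opens a file. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    uint32_t sum;
    (void)parse_img(data, size, &sum);
    return 0;                           /* libFuzzer expects 0 */
}
```

The file has no main() because libFuzzer supplies one; it builds with the same -fsanitize=fuzzer,address,undefined flags shown in step 1.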

You can see the video tutorials here:

Source: https://github.com/hardik05/