BeeBug : A tool for checking Exploitability

BeeBug is a tool that can be used to verify if a program crash could be exploitable. This tool was presented the first time at r2con 2018 in Barcelona. Some implemented functionality are:

  • Stack overflow on libc
  • Crash on Program Counter
  • Crash on branch
  • Crash on write memory
  • Heap vulnerabilities
  • Read access violation (some exploitable cases)
  • Help to analyse a crash (graph view)

Also Read : Bolt : Cross-Site Request Forgery Scanner

Dependencies

  • r2pipe
  • pydot
  • graphviz
  • pyqtgraph

Installation

~ $ wget https://github.com/radare/radare2/archive/2.7.0.tar.gz
~ $ tar xzvf 2.7.0.tar.gz
~ $ cd radare2-2.7.0/
~/radare2-2.7.0 $ ./configure –prefix=/usr
~/radare2-2.7.0 $ make -j8
~/radare2-2.7.0 $ sudo make install
apt-get install graphviz
pip3 install -r requirements.txt

Usage

help

$ python3 ./beebug.py -h
usage: beebug.py [-h] [-t TARGET] [-a TARGETARGS] [-f FILE] [-g GRAPH] [-i]
[-r REPORT_FILE] [-v]
optional arguments:
-h, –help show this help message and exit
-t TARGET, –target TARGET
target program to analyze
-a TARGETARGS, –targetargs TARGETARGS
arguments for the target program
-f FILE, –file FILE input file
-g GRAPH, –graph GRAPH
generate the graph
-i, –instrumentation
instrumentation option
-r REPORT_FILE, –report_file REPORT_FILE
DynamoRIO report file to parse

Simple usage

python3 ./beebug.py -t tests/crash_on_pc
Process with PID 7691 started…
File dbg:///home/invictus1306/Documents/r2conf/beebug/beebug/tests/crash_on_pc reopened in read-write mode
= attach 7691 7691
child stopped with signal 11
[+] SIGNAL 11 errno=0 addr=0x00601038 code=2 ret=0
Crash on PC – Generally it is exploitable, the PC could be tainted
backtrace
0 0x601038 sp: 0x0 0 [??] obj.foo obj.foo0
1 0x4004f1 sp: 0x7ffdfa75d8e8 0 [sym.main] main+27
2 0x7f2669d00830 sp: 0x7ffdfa75d908 32 [??] r11+240
3 0x7f266a0ba7cb sp: 0x7ffdfa75d998 144 [??] sym.dl_rtld_di_serinfo+29051
4 0x400409 sp: 0x7ffdfa75d9c8 48 [??] entry0+41
registers
rax = 0x00601038
rbx = 0x00000000
rcx = 0x00000000
rdx = 0x7ffdfa75d9f8
r8 = 0x00400570
r9 = 0x7f266a0baab0
r10 = 0x00000846
r11 = 0x7f2669d00740
r12 = 0x004003e0
r13 = 0x7ffdfa75d9e0
r14 = 0x00000000
r15 = 0x00000000
rsi = 0x7ffdfa75d9e8
rdi = 0x0000000a
rsp = 0x7ffdfa75d8e8
rbp = 0x7ffdfa75d900
rip = 0x00601038
rflags = 0x00010206
orax = 0xffffffffffffffff

Graph generation

python3 ./beebug.py -t tests/crash_on_pc -g crash_on_pc

$ display crash_on_pc.png

Credit : Andrea Sindoni

R K

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

18 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

18 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

3 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago