BeeBug : A tool for checking Exploitability

BeeBug is a tool that can be used to verify if a program crash could be exploitable. This tool was presented the first time at r2con 2018 in Barcelona. Some implemented functionality are:

  • Stack overflow on libc
  • Crash on Program Counter
  • Crash on branch
  • Crash on write memory
  • Heap vulnerabilities
  • Read access violation (some exploitable cases)
  • Help to analyse a crash (graph view)

Also Read : Bolt : Cross-Site Request Forgery Scanner

Dependencies

  • r2pipe
  • pydot
  • graphviz
  • pyqtgraph

Installation

~ $ wget https://github.com/radare/radare2/archive/2.7.0.tar.gz
~ $ tar xzvf 2.7.0.tar.gz
~ $ cd radare2-2.7.0/
~/radare2-2.7.0 $ ./configure –prefix=/usr
~/radare2-2.7.0 $ make -j8
~/radare2-2.7.0 $ sudo make install
apt-get install graphviz
pip3 install -r requirements.txt

Usage

help

$ python3 ./beebug.py -h
usage: beebug.py [-h] [-t TARGET] [-a TARGETARGS] [-f FILE] [-g GRAPH] [-i]
[-r REPORT_FILE] [-v]
optional arguments:
-h, –help show this help message and exit
-t TARGET, –target TARGET
target program to analyze
-a TARGETARGS, –targetargs TARGETARGS
arguments for the target program
-f FILE, –file FILE input file
-g GRAPH, –graph GRAPH
generate the graph
-i, –instrumentation
instrumentation option
-r REPORT_FILE, –report_file REPORT_FILE
DynamoRIO report file to parse

Simple usage

python3 ./beebug.py -t tests/crash_on_pc
Process with PID 7691 started…
File dbg:///home/invictus1306/Documents/r2conf/beebug/beebug/tests/crash_on_pc reopened in read-write mode
= attach 7691 7691
child stopped with signal 11
[+] SIGNAL 11 errno=0 addr=0x00601038 code=2 ret=0
Crash on PC – Generally it is exploitable, the PC could be tainted
backtrace
0 0x601038 sp: 0x0 0 [??] obj.foo obj.foo0
1 0x4004f1 sp: 0x7ffdfa75d8e8 0 [sym.main] main+27
2 0x7f2669d00830 sp: 0x7ffdfa75d908 32 [??] r11+240
3 0x7f266a0ba7cb sp: 0x7ffdfa75d998 144 [??] sym.dl_rtld_di_serinfo+29051
4 0x400409 sp: 0x7ffdfa75d9c8 48 [??] entry0+41
registers
rax = 0x00601038
rbx = 0x00000000
rcx = 0x00000000
rdx = 0x7ffdfa75d9f8
r8 = 0x00400570
r9 = 0x7f266a0baab0
r10 = 0x00000846
r11 = 0x7f2669d00740
r12 = 0x004003e0
r13 = 0x7ffdfa75d9e0
r14 = 0x00000000
r15 = 0x00000000
rsi = 0x7ffdfa75d9e8
rdi = 0x0000000a
rsp = 0x7ffdfa75d8e8
rbp = 0x7ffdfa75d900
rip = 0x00601038
rflags = 0x00010206
orax = 0xffffffffffffffff

Graph generation

python3 ./beebug.py -t tests/crash_on_pc -g crash_on_pc

$ display crash_on_pc.png

Credit : Andrea Sindoni

Download
R K

Share
Published by
R K
Tags: BeeBugr2con
7 years ago

Recent Posts

How to Check Website for Malware and Protect Your Site

Website malware is one of the biggest threats for website owners, bloggers, businesses, and WordPress…

7 hours ago

Install Python on Ubuntu 26.04 Like a Pro

If you want to Install Python on Ubuntu systems for development, automation, or scripting, Ubuntu…

9 hours ago

PostfixAdmin Setup on Ubuntu 26.04

Managing virtual mail users manually can quickly become difficult on a busy mail server. That’s…

13 hours ago

How to Add User to Sudoers on Ubuntu Easily

Managing administrative access properly is essential for every Linux system. When you Add User Sudoers…

16 hours ago

Install Google Chrome on Ubuntu in Minutes

Installing Google Chrome on Ubuntu systems is a simple process that gives users access to…

18 hours ago

LAMP Stack Ubuntu 26.04 Installation Guide

Setting up a LAMP Stack Ubuntu server is one of the fastest ways to host…

1 day ago