Fuzzing with Radamsa in BlackArch

Penetration Testing Wiki

Fuzzing with Radamsa in BlackArch

Radamsa is a test case generator, it receives some input data and then it scrambles it to return some random data. Random is truly random, that means that you can even receive the same string 🙂

Dilbert Randomness

Unfortunatelly radamsa doesn’t come by default in BlackArch nor Kali Linux, so we have to build it and install it from its source code.

To install radamsa, first we have to clone the repository from gitlab:

git clone https://gitlab.com/akihe/radamsa.git

Enter that directory and compile:

cd radamsa
make
sudo make install

Now we are ready to use it.

The way radamsa works it is very simple, it receives some input from stdin, then it scrambles the data randomly and output it to stdout.

Some examples:

>>> echo "Hello world" | radamsa | xxd
00000000: 4865 6c6c 6f20 776e 726c 640a            Hello wnrld.

>>> echo "Hello world" | radamsa | xxd
00000000: 4865 6c6c 6f20 776f f3a0 f3a0 f3a0 80a2  Hello wo........
00000010: 8185 726c 6409                           ..rld.

>>> echo "Hello world" | radamsa | xxd
00000000: 4865 6c6c 6f20 776f 6f6f 6f6f 6f6f 6f6f  Hello wooooooooo
00000010: 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f  oooooooooooooooo
00000020: c2a0 6ff3 a080 bc6f 776f 206f 6f6f 6f6f  ..o....owo ooooo
00000030: 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f  oooooooooooooooo
00000040: 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f  oooooooooooooooo
00000050: 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f  oooooooooooooooo
00000060: 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f  oooooooooooooooo
00000070: 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f  oooooooooooooooo
00000080: 6f6f 6f6f 6f6f 6f6f 2077 6ff3 a080 a7e2  oooooooo wo.....
00000090: 8087 640a                                ..d.

>>> echo "Hello world" | radamsa | xxd
00000000: 6f20 776f 726c 640a                      o world.

>>> echo "Hello world" | radamsa | xxd
00000000: 4864 0a                                  Hd.

We use xxd command to show hexadecimal codes in case there are non-printable characters.

If we do not specify -o parameter the data will be sent to stdout. However, we can save it in a file with -o output.bin parameter:

echo "some random string 123456789" | radamsa -o output.bin

That’s great for local fuzzing, but what happens when we are trying to fuzz some network service.

One simple trick would be using netcat to pipe the output to the target service. In this case host 192.168.1.12 on port 8080:

echo "some random string 123456789" | radamsa | nc 192.168.1.12 8080

But we can send data simpler and directly using radamsa network support:

echo "some random string 123456789" | radamsa -o 192.168.1.12:8080

If that wasn’t enough, we can also specify if we want to send the data to some UDP service:

echo "some random string 123456789" | radamsa -o 192.168.1.1:123/udp

Overall, a good tool to assess robustness on data sanitization in either local applications or network services.

 

2 Responses

Leave a Reply

Your email address will not be published. Required fields are marked *