Fuzzing tool Sulley Development Guide (1): Installing Sulley (many screenshots, very detailed)

    This tutorial covers the installation on Windows; the installation on other systems will be posted if there is time. It is translated from the official OpenRCE/Sulley GitHub wiki tutorial, but that tutorial contains some errors, which I will correct and point out. It is worth mentioning that I completed the installation and the steps below on a Windows 10 64-bit system (64-bit systems can run and install 32-bit programs, but not vice versa), so this tutorial is applicable to any system.
    Let's first take a look at the tools needed to install Sulley, listed below:

Library/Tool: MinGW
  Description: MinGW is the abbreviation of Minimalist GNU for Windows. It is a collection of freely available and freely distributable Windows-specific header files and import libraries for use with the GNU toolset, allowing you to build native Windows programs on GNU/Linux and Windows platforms without needing a third-party C runtime library.
  Download: MinGW | MinGW pre-compiled binary installation package

Library/Tool: Python
  Description: Not much to explain here; the entire Sulley is written in Python. The 32-bit version of Python 2.7.9 is recommended because it has the best compatibility with the libraries that follow and the fewest problems during installation.
  Download: Python 2.7.9 x86 | Python 2.7.9 x64

Library/Tool: Git
  Description: Needless to say, this tool is used to fetch the Sulley source projects.
  Download: Git

Library/Tool: Pydbg
  Description: The Sulley we use is one of the three major OpenRCE projects; pydbg, another well-known one of the three, is very influential. It is a 32-bit debugger written in pure Python, comparable to WinDbg.
  Download: git clone https://github.com/Fitblip/pydbg.git (a fork of OpenRCE/pydbg that includes an installation script)

Library/Tool: libdasm
  Description: pydbg depends on pydasm, and libdasm includes pydasm, so we must build and install libdasm. Note that the libdasm download link given on Sulley's official website has expired; new links are given here.
  Download: libdasm on Google (may require a proxy to reach) | my own upload

Library/Tool: pcapy
  Description: pcapy and pypcap are two different packages. Both use libpcap; pcapy is the easier-to-use version, written because some people were dissatisfied with pypcap.
  Download: git clone https://github.com/CoreSecurity/pcapy.git

Library/Tool: WinPcap
  Description: WinPcap (Windows packet capture) is a free, public network access system for the Windows platform. Its purpose is to give Win32 applications the ability to access the underlying network; it is used for direct network programming on Windows.
  Download: WinPcap

Library/Tool: Impacket
  Description: A third-party Python package implementing network protocols, providing many low-level interfaces for protocols such as NMB, SMB1-3 and MS-DCERPC.
  Download: git clone https://github.com/CoreSecurity/impacket.git

    Therefore, to complete the installation of Sulley we must install the following modules:

  • pydbg (debugging module)
  • pcapy (packet capture module)
  • Impacket (network protocol package module, underlying network)

Step 1 Download and install MinGW

    It is recommended to use the pre-compiled binary installation package directly. If you use the first link (the MinGW installer) instead, check the following packages in the installation interface: 1) mingw32-base (Base Package) 2) mingw32-gcc-g++ (C++ Compiler) 3) mingw32-gcc-objc (Objective-C Compiler)

    The installation process of MinGW is the same as for any ordinary program. On the package-selection screen you can select the packages as shown in the figure: (figure: sulley-MinGW)

Step 2 download and install Python

    I won't go into details about the installation process; there are many tutorials on the Internet. Here I again recommend installing the 2.7.9 32-bit version.

Step 3 download and install Git (optional)

    This is an optional step. If you install Git, it will be easier to get the projects from GitHub, because the following steps only use the git clone command. If you don't install Git, that's fine too: for each git clone https://xxxxx.com command, open https://xxxxx.com directly in a browser and click Download in the upper right corner to get the zip package.

Step 4 set environment variables

    The next step is to configure the environment variables so that the git, python and MinGW commands can be used in cmd, as shown in the figure: (figure: Environment variable)

Step 5 git download pydbg and install

    Get the latest version of pydbg with the git clone https://github.com/Fitblip/pydbg.git command, as shown in the figure: (figure: go pydbg)

    The result screenshots of the subsequent git clone commands will not be posted; they are all done in the same way.

    Then enter the pydbg directory and execute the python setup.py install command in cmd, as shown in the figure: (figure: pydbg install)

    Do you think pydbg is now installed? Actually not. As mentioned above, pydbg depends on pydasm from libdasm, so it is not completely installed yet. If we enter the Python command line at this point and run import pydbg, an ImportError occurs, as shown in the figure: (figure: import error)

Step 6 Download libdasm and install

    This step installs libdasm: first its extension module is built, then the main module is installed. This is a place where it is very easy to make mistakes. If you hit any problems, you can comment below and we can solve them together.

[libdasm extracted directory]\pydasm>python setup.py build_ext -c mingw32
 running build_ext
 building 'pydasm' extension
 ...omitted...
[libdasm extracted directory]\pydasm>python setup.py install
 running install
 running build
 running build_ext
 running install_lib
 copying build\lib.win32-2.7\pydasm.pyd -> C:\python27\Lib\site-packages
 running install_egg_info
 Writing C:\python27\Lib\site-packages\pydasm-1.5-py2.7.egg-info
 ...omitted...

As shown in the figure: (figure: install pydasm)

    Now let's check whether import pydbg and import pydasm still fail, as shown in the figure: (figure: success)

Step 7 Download Sulley and verify

    Now we download the Sulley main project with git clone https://github.com/OpenRCE/sulley.git. After downloading, enter the sulley directory and run the following command to check whether process_monitor.py runs without import errors (the usage message below means the imports succeeded):

[Sulley directory]>python process_monitor.py
ERR> USAGE: process_monitor.py
    <-c|--crash_bin FILENAME> filename to serialize crash bin class to
    [-p|--proc_name NAME]     process name to search for and attach to
    [-i|--ignore_pid PID]     ignore this PID when searching for the target process
    [-l|--log_level LEVEL]    log level (default 1), increase for more verbosity
    [--port PORT]             TCP port to bind this agent to

Step 8 Download Pcapy and WinPcap Dev Kit

    Run git clone https://github.com/CoreSecurity/pcapy.git and download the WinPcap Dev Kit (the WinPcap developer version; we mainly use its header files and .lib files here), then put the downloaded WpdPack under the c:\Sulley\ directory (of course you can choose your own location).

Step 9 compile and install pcapy

    Go to the pcapy directory and run the following commands (the key point is that the -I and -L options point at the WpdPack Include and Lib directories):

[pcapy directory]>python setup.py build_ext -c mingw32 -I "C:\sulley\WpdPack\Include" -L "C:\sulley\WpdPack\Lib"
running build_ext
building 'pcapy' extension
creating build
creating build\temp.win32-2.7
creating build\temp.win32-2.7\Release
creating build\temp.win32-2.7\Release\win32
...omitted...
[pcapy directory]>python setup.py install
running install
running build
running build_ext
running install_lib
copying build\lib.win32-2.7\pcapy.pyd -> C:\python27\Lib\site-packages
running install_data
creating C:\python27\share
creating C:\python27\share\doc
creating C:\python27\share\doc\pcapy
copying README -> C:\python27\share\doc\pcapy
...omitted...

(figure: pcapy)

    This is a place where it is very easy to make mistakes. If you hit any problems, you can comment below and we can solve them together.

Step 10 Download and install WinPcap

    Do you think pcapy is now installed? It is not. If we enter the Python command line and run import pcapy, we get an ImportError saying the DLL was not found, as shown in the figure: (figure: error)

    This is because WinPcap is not installed yet, so those DLLs are missing. Download WinPcap and install it (just click Next until it finishes), then run import pcapy again and there will be no problem, as shown in the figure: (figure: success)

Step 11 Download and install Impacket

    Run git clone https://github.com/CoreSecurity/impacket.git to download the Impacket package, then enter its directory and execute the install command:

[Impacket directory]>python setup.py install
running install
running build
running build_py
creating build
creating build\lib
creating build\lib\impacket
copying impacket\ImpactDecoder.py -> build\lib\impacket
copying impacket\ImpactPacket.py -> build\lib\impacket
copying impacket\nmb.py -> build\lib\impacket
copying impacket\ntlm.py -> build\lib\impacket
copying impacket\smb.py -> build\lib\impacket
copying impacket\structure.py -> build\lib\impacket
copying impacket\uuid.py -> build\lib\impacket
copying impacket\__init__.py -> build\lib\impacket
creating build\lib\impacket\dcerpc
...omitted...

Step 12 The last step: run network_monitor.py

    Finally, run network_monitor.py to confirm that the modules were installed successfully, as shown in the figure: (figure: network)

    The Network Device List it prints is the list of network cards. OK, you're done! We can start fuzzing!
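The guide checks each module by hand in the Python prompt after Steps 5 to 12. The script below is an added example (not part of the original post, of Sulley or of any of the projects above) that performs the same check in one go: it imports pydasm, pydbg, pcapy and impacket in the order the guide installs them and, for each failure, points back at the step of this guide to redo. The step-to-hint mapping and the rule that a pcapy ImportError mentioning a DLL means WinPcap (Step 10) is missing are this example's own assumptions, drawn from the steps above. It runs on Python 2.7 (the version the guide uses) and on Python 3.

```python
"""Post-install check for the Sulley dependency chain described in this guide.

Added example, not code from the original post or from Sulley. Each module is
imported in the order the guide installs them; failures are mapped back to the
guide step that installs that module.
"""
from __future__ import print_function
import importlib

# (module, guide step that installs it, hint shown on failure).
# Step numbers refer to this guide; the hint text is this example's own.
CHECKS = [
    ("pydasm",   "Step 6",  "build libdasm/pydasm with 'python setup.py build_ext -c mingw32', then install it"),
    ("pydbg",    "Step 5",  "run 'python setup.py install' in the pydbg directory (needs pydasm first)"),
    ("pcapy",    "Step 9",  "build pcapy against the WinPcap developer pack (WpdPack Include and Lib)"),
    ("impacket", "Step 11", "run 'python setup.py install' in the impacket directory"),
]


def try_import(name):
    """Return (ok, message); message is '' on success, else the exception text."""
    try:
        importlib.import_module(name)
        return True, ""
    except ImportError as exc:      # module missing, or a .pyd whose DLLs are absent
        return False, str(exc)
    except Exception as exc:        # anything else raised while the module initialises
        return False, "%s: %s" % (type(exc).__name__, exc)


def diagnose(name, message, checks=CHECKS):
    """Map an import failure to the guide step that most likely went wrong."""
    if name == "pcapy" and "DLL" in message:
        # pcapy.pyd was built, but wpcap.dll/packet.dll are not on the system:
        # WinPcap itself has not been installed yet (Step 10 of the guide).
        return "Step 10: install WinPcap so the DLLs pcapy links against are present"
    if name == "pydbg" and "pydasm" in message:
        # pydbg imports fine on its own but pulls in pydasm, which is missing.
        return "Step 6: pydbg needs pydasm; build and install libdasm/pydasm first"
    for mod, step, hint in checks:
        if mod == name:
            return "%s: %s" % (step, hint)
    return "not a module this guide installs"


def check_modules(checks=CHECKS):
    """Run every check; return {module: (ok, diagnosis or '')}."""
    results = {}
    for name, _step, _hint in checks:
        ok, message = try_import(name)
        results[name] = (ok, "" if ok else diagnose(name, message, checks))
    return results


def report(results):
    """Render the results as one line per module."""
    lines = []
    for name in sorted(results):
        ok, diag = results[name]
        lines.append("%-9s %s %s" % (name, "OK  " if ok else "FAIL", diag))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(check_modules()))
```

Run it from the Python prompt or with python check_sulley_deps.py (the file name is up to you) after Step 11; all four lines should read OK before running network_monitor.py. If pcapy fails with a DLL message, the fix is Step 10, not a rebuild of pcapy.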

PS: Here I provide all the installation packages needed above for everyone to download. For the lazy: package of all installation packages

postscript

    The installation steps of Sulley are troublesome. Next, I will publish two more articles: the first introduces some concepts of Sulley, and the second is a real case that fuzzes vulnerable FTP servers. I hope you will keep following.

Origin blog.csdn.net/u012397189/article/details/76084919