We're logging crashes with AFL as we try to fuzz our way to the recent critical sudo vulnerability (CVE-2021-3156). The crashes are surprisingly due to buffer overflows in AFL itself, so we set out to fix it.

In our last video and article, we set up afl to fuzz the sudo binary in order to find the sudoedit vulnerability (CVE-2021-3156). Finally, we set up AFL and AFL++ running in parallel with different test cases to see if we could find the vulnerability. We let it run for over a day, and then decided it was time to check the results.

## Checking Crashes

We've got some crashes! afl's dashboard indicated that we had some crashes (49 unique ones), so there was definitely a chance that we'd found the sudoedit vulnerability. You know it: we have to investigate.

If you remember the way afl works and is set up, you'll know that afl stores each input that crashed the fuzzed binary in the out folder, which for our purposes is located at /tmp/out3/. Since we ran four parallel fuzzing processes last time, we also have four output folders in that directory, aptly named f1, f2, f3, and f4. Each of these folders contains a crashes subfolder, which itself contains the crashing inputs.

Getting the inputs that caused crashes.

## Finding the Fuzzed Argument

Since the crashing inputs are binary, we use hexdump to read their contents:

hexdump -C /tmp/out3/f2/crashes/id:000000,sig:11,src:000641,op:havoc,rep:8

hexdump to the rescue.

What does all of this binary mean? The output needs to be read as a list of command-line arguments separated by null bytes, and the first one should be the program name, argv[0]. However, our test case shows neither sudo nor sudoedit in the argv.

Could afl even have found the sudoedit vulnerability? To go faster, we used grep to search all the output files for the keyword sudoedit:

grep -R sudoedit

Looking for sudoedit in the crash-inducing inputs, the fast way.

This is not at all what we were hoping to see. On one hand, we have some crashes, and on the other, none seem to be sudoedit. But we might have found another zero-day in sudo, and that is exciting! You know what we have to do: keep digging.
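A plain `grep -R sudoedit` only tells you whether the word appears somewhere in a crash file; it cannot tell argv[0] (the program name sudo looks at to decide it is running as sudoedit) from any other argument, and it says nothing about the crashes it does not match. The following triage script is an added example, not code from the original article or from the AFL or sudo projects. It assumes the harness consumed inputs in the NUL-separated argv format of AFL's experimental/argv_fuzzing/argv-fuzz-inl.h (which is what the hexdump layout described above corresponds to), uses the /tmp/out3/f1..f4/crashes directory layout from the article, and runs on constructed sample inputs; the script name in the usage note is hypothetical.

```python
"""Triage AFL crash inputs that were fed to an argv-fuzzing harness.

Inputs are decoded the same way afl_init_argv() in AFL's
experimental/argv_fuzzing/argv-fuzz-inl.h does: one argument per
NUL-terminated string, stopping at the first empty argument (a double
NUL). argv[0] is the program name, and sudo decides whether it is
running as sudoedit from the basename of argv[0].
"""
import os
import sys
from pathlib import Path

# Constructed sample inputs (not real crash files from the fuzzing run).
SAMPLES = {
    "sudoedit_first": b"sudoedit\x00-s\x00/etc/hostname\x00\x00",
    "sudo_first": b"sudo\x00-l\x00",
    "garbage_argv0": b"\xff\xfe-s\x00AAAA",
    "sudoedit_not_first": b"/bin/true\x00sudoedit\x00\x00ignored\x00",
}


def parse_afl_argv(data: bytes) -> list[str]:
    """Split a crash input into argv the way afl_init_argv() does."""
    argv = []
    for chunk in data.split(b"\x00"):
        if chunk == b"":  # double NUL (or trailing NUL): end of the list
            break
        # latin-1 maps every byte to a code point, so havoc-mutated
        # bytes never raise a decode error
        argv.append(chunk.decode("latin-1"))
    return argv


def classify_crash(data: bytes) -> dict:
    """Report what the crashing argv says about the program being invoked."""
    argv = parse_afl_argv(data)
    argv0 = argv[0] if argv else ""
    return {
        "argv": argv,
        # sudo checks the basename of argv[0] to decide it is sudoedit
        "invoked_as_sudoedit": os.path.basename(argv0) == "sudoedit",
        # what a plain `grep -R sudoedit` would match: the word anywhere
        "mentions_sudoedit": any("sudoedit" in a for a in argv),
    }


def scan_crashes(out_dir) -> list[tuple[str, dict]]:
    """Walk <out_dir>/*/crashes/ (f1..f4 in the article's layout) and
    classify every AFL crash file (named id:NNNNNN,sig:...)."""
    results = []
    for path in sorted(Path(out_dir).glob("*/crashes/id:*")):
        results.append((str(path), classify_crash(path.read_bytes())))
    return results


def summarize(results) -> dict:
    """The counts you want before opening a single hexdump by hand."""
    return {
        "crashes": len(results),
        "invoked_as_sudoedit": sum(r["invoked_as_sudoedit"] for _, r in results),
        "mentions_sudoedit": sum(r["mentions_sudoedit"] for _, r in results),
    }


if __name__ == "__main__":
    out_dir = sys.argv[1] if len(sys.argv) > 1 else "/tmp/out3"
    found = scan_crashes(out_dir)
    for path, info in found:
        flag = "SUDOEDIT" if info["invoked_as_sudoedit"] else "        "
        print(f"{flag} {path}: argv={info['argv']!r}")
    print(summarize(found))
```

Run it as `python3 triage_crashes.py /tmp/out3` (hypothetical file name) and compare `mentions_sudoedit` with `invoked_as_sudoedit`: a crash that only mentions sudoedit in a later argument was not running as sudoedit, because sudo takes the program name from argv[0], so it cannot be the CVE-2021-3156 code path even though grep would have flagged it.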