Working with binaries and source code has been my passion since I started hacking. The first topic I stumbled upon when I started learning was stack-based buffer overflows. The topic was very interesting and enjoyable for me, and it felt like black magic: a bunch of seemingly random hexadecimal bytes and, voilà, a shell.
I believe many people feel the same, since whenever someone drops a shell during a talk, even though it's just a demo, you hear people clapping.
Lately I have started focusing on binary and open-source targets during my hunt, either by reviewing the source code or by creating a fuzz harness for the application, in the hope of finding interesting crashes.
In this article, I will walk you through the process of writing a fuzz harness for one of Meta's open-source projects, netconsd. netconsd is a daemon for receiving and processing logs from the Linux kernel, and it's written in C++. There have been some efforts to reimplement it in Rust, but based on the last few commits it seems that the plan changed and it's not happening, for some reason.
When fuzzing network applications with AFL++ you have some options. One of them is "desocketing" using a library like libdesock, which lets the application read from stdin instead of reading packets from the network.
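To make the desocketing idea concrete, here is an added, minimal shim in the spirit of libdesock (my illustration, not libdesock's or netconsd's code): the interposed recvfrom() is compiled in only with -DDESOCK_SHIM, and the port 6666, the loopback peer address and the sample line are constructed values.

```c
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/socket.h>

/* Desocketed receive: read one "datagram" from a plain fd (stdin under the
 * shim) and hand back a constructed IPv4 peer so sender checks still work. */
ssize_t desock_read(int fd, void *buf, size_t len,
                    struct sockaddr *src, socklen_t *srclen)
{
    ssize_t n = read(fd, buf, len);
    if (n >= 0 && src && srclen) {
        struct sockaddr_in fake;
        memset(&fake, 0, sizeof fake);
        fake.sin_family = AF_INET;
        fake.sin_port = htons(6666);                   /* constructed port */
        fake.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* 127.0.0.1 */
        memcpy(src, &fake, *srclen < sizeof fake ? *srclen : sizeof fake);
        *srclen = sizeof fake;
    }
    return n;
}

#ifdef DESOCK_SHIM
/* Interposed recvfrom(). Build: cc -shared -fPIC -DDESOCK_SHIM -o desock.so desock.c
 * Run the daemon with LD_PRELOAD=./desock.so (AFL_PRELOAD under afl-fuzz) so
 * every recvfrom() is served from stdin instead of the UDP socket. */
ssize_t recvfrom(int sockfd, void *buf, size_t len, int flags,
                 struct sockaddr *src, socklen_t *srclen)
{
    (void)sockfd; (void)flags;
    return desock_read(STDIN_FILENO, buf, len, src, srclen);
}
#endif

/* Self-check with a pipe standing in for stdin; returns the byte count read
 * when payload and fake peer come back as expected, otherwise -1. */
long desock_self_test(void)
{
    static const char msg[] = "constructed log line\n"; /* constructed sample */
    int p[2]; char buf[128];
    struct sockaddr_in peer; socklen_t plen = sizeof peer;
    if (pipe(p) != 0) return -1;
    if (write(p[1], msg, sizeof msg - 1) != (ssize_t)(sizeof msg - 1)) return -1;
    close(p[1]);
    ssize_t n = desock_read(p[0], buf, sizeof buf, (struct sockaddr *)&peer, &plen);
    close(p[0]);
    if (n != (ssize_t)(sizeof msg - 1) || memcmp(buf, msg, (size_t)n) != 0) return -1;
    if (peer.sin_family != AF_INET || ntohs(peer.sin_port) != 6666) return -1;
    return n;
}
```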