I followed this tutorial, however I had installation problems. I decided to write down the steps to set up the whole environment.


1, First I created a Window7 32 bit VMWare image. (I could not run it on Windows XP.) I disabled the Firewall. (Firewall is not a big problem, but if we let it run, we have to enable the VulnServer and Peach. It is easier if we simply disable it.)


2, Then I downloaded the Peach from here. I right-clicked on the zip file and pressed the Unblock button. Without this step I had problems with running Peach as it came from untrusted source.


Then I extracted the zip file into ‘Program Files’ folder and renamed it to Peach.


3, I downloaded the .NET Framework from here. I installed it. This is necessary before we try to install the Windows SDK.


4, I downloaded the Windows SDK from here. This contains the WinDbg. I installed it and selected only the ‘Debugging Tools for Windows’ during installation.



5, I installed the VulnServer into C:\.


6, I created the XML file for Peach. I saved it as ‘C:\Program Files\Peach\hter.xml’.


<?xml version="1.0" encoding="utf-8"?>
<Peach xmlns="http://peachfuzzer.com/2012/Peach" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://peachfuzzer.com/2012/Peach ../peach.xsd">

  <DataModel name="DataHTER">
    <String value="HTER " mutable="false" token="true"/>
    <String value=""/>
    <String value="\r\n" mutable="false" token="true"/>
  <StateModel name="StateHTER" initialState="Initial">
    <State name="Initial">
      <Action type="input" ><DataModel ref="DataResponse"/></Action>
      <Action type="output"><DataModel ref="DataHTER"/></Action>
      <Action type="input" ><DataModel ref="DataResponse"/></Action>

  <DataModel name="DataResponse">
    <String value=""/>

  <Agent name="RemoteAgent" location="tcp://">
    <!-- Run and attach windbg to a vulnerable server. -->
    <Monitor class="WindowsDebugger">
      <Param name="CommandLine" value="C:\vulnserver\vulnserver.exe"/>
	  <Param name="WinDbgPath" value="C:\Program Files\Debugging Tools for Windows (x86)" />

  <Test name="TestHTER">
    <Agent ref="RemoteAgent"/>
    <StateModel ref="StateHTER"/>
    <Publisher class="TcpClient">
      <Param name="Host" value=""/>
      <Param name="Port" value="9999"/>
	<Logger class="File">
      <Param name="Path" value="Logs"/>


7, I opened a Command Prompt, navigated to ‘C:\Program Files\Peach’ and executed the following command line:

peach -a tcp

This will start the Peach Agent.



8, I opened another Command Prompt, navigated to ‘C:\Program Files\Peach’ and executed the following command line:

peach hter.xml TestHTER


If the Peach Fuzzer finds a vulnerability, it will log it into the ‘C:\Program Files\Peach\Logs’ folder. The file with .bin extension will contain the data, that is sent by Peach and caused exception.