I followed this tutorial, however I had installation problems. I decided to write down the steps to set up the whole environment.

 

1, First I created a Window7 32 bit VMWare image. (I could not run it on Windows XP.) I disabled the Firewall. (Firewall is not a big problem, but if we let it run, we have to enable the VulnServer and Peach. It is easier if we simply disable it.)

 

2, Then I downloaded the Peach from here. I right-clicked on the zip file and pressed the Unblock button. Without this step I had problems with running Peach as it came from untrusted source.

peach02

Then I extracted the zip file into ‘Program Files’ folder and renamed it to Peach.

 

3, I downloaded the .NET Framework from here. I installed it. This is necessary before we try to install the Windows SDK.

 

4, I downloaded the Windows SDK from here. This contains the WinDbg. I installed it and selected only the ‘Debugging Tools for Windows’ during installation.

peach05

 

5, I installed the VulnServer into C:\.

 

6, I created the XML file for Peach. I saved it as ‘C:\Program Files\Peach\hter.xml’.

hter.xml

<?xml version="1.0" encoding="utf-8"?>
<Peach xmlns="http://peachfuzzer.com/2012/Peach" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://peachfuzzer.com/2012/Peach ../peach.xsd">

  <DataModel name="DataHTER">
    <String value="HTER " mutable="false" token="true"/>
    <String value=""/>
    <String value="\r\n" mutable="false" token="true"/>
  </DataModel>
  
  <StateModel name="StateHTER" initialState="Initial">
    <State name="Initial">
      <Action type="input" ><DataModel ref="DataResponse"/></Action>
      <Action type="output"><DataModel ref="DataHTER"/></Action>
      <Action type="input" ><DataModel ref="DataResponse"/></Action>
    </State>
  </StateModel>

  <DataModel name="DataResponse">
    <String value=""/>
  </DataModel>

  <Agent name="RemoteAgent" location="tcp://127.0.0.1:9001">
    <!-- Run and attach windbg to a vulnerable server. -->
    <Monitor class="WindowsDebugger">
      <Param name="CommandLine" value="C:\vulnserver\vulnserver.exe"/>
	  <Param name="WinDbgPath" value="C:\Program Files\Debugging Tools for Windows (x86)" />
    </Monitor>
  </Agent>

  <Test name="TestHTER">
    <Agent ref="RemoteAgent"/>
    <StateModel ref="StateHTER"/>
    <Publisher class="TcpClient">
      <Param name="Host" value="127.0.0.1"/>
      <Param name="Port" value="9999"/>
    </Publisher>
	<Logger class="File">
      <Param name="Path" value="Logs"/>
    </Logger>
  </Test> 
</Peach>

 

7, I opened a Command Prompt, navigated to ‘C:\Program Files\Peach’ and executed the following command line:

peach -a tcp

This will start the Peach Agent.

peach07

 

8, I opened another Command Prompt, navigated to ‘C:\Program Files\Peach’ and executed the following command line:

peach hter.xml TestHTER

 

If the Peach Fuzzer finds a vulnerability, it will log it into the ‘C:\Program Files\Peach\Logs’ folder. The file with .bin extension will contain the data, that is sent by Peach and caused exception.

peach08