Written in Python, this is my attempt at a simple fuzzer for FTP servers. The script fuzzes commands such as APPE, USER, LIST, CWD, etc. You can find all the commands here 😉

This script is simply a modified version of muts' simple FTP fuzzer, written during offsec training 😀

Hope you like it 🙂

#!/usr/bin/env python

########################################################
# Very Simple FTP Fuzzer #
# this is a modified version from simple ftp fuzzer #
# coded by muts #
# 
########################################################

import sys, socket
from optparse import OptionParser

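# Command-line interface. The usage text is shown by --help and by the
# argument check further down the script.
usage = "./%prog -t [target] -p [port] -u [ftp user] -P [ftp passwd] -c [command to fuzz]"
# The "\n" puts the example on its own line ("Contoh" is Indonesian for
# "example"); without the backslash the two lines run together.
usage += "\nContoh: ./%prog -t 192.168.10.10 -p 21 -u ftp -P ftp -c APPE"

parser = OptionParser(usage=usage)
# The port is kept as a string, as before; it now defaults to the standard FTP
# control port so that leaving -p out is well defined.
parser.add_option("-p", type="string", action="store", dest="port",
                  default="21", help="Port to connect (default: 21)")
parser.add_option("-t", type="string", action="store", dest="target",
                  help="The target server")
parser.add_option("-u", type="string", action="store", dest="username",
                  help="FTP username")
parser.add_option("-P", type="string", action="store", dest="password",
                  help="FTP password")
parser.add_option("-c", type="string", action="store", dest="fuzz",
                  help="Command to Fuzz ")
(options, args) = parser.parse_args()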

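def banner():
    """Print the tool banner to stdout.

    The leading "\\n\\t\\t" / "\\t\\t" escapes indent the box by two tabs and the
    trailing "\\n" leaves a blank line after it. The single-argument print()
    form behaves the same on Python 2 and Python 3.
    """
    print("\n\t\t|------------------------------------------------------------------|")
    print("\t\t| Very Simple FTP Fuzzer |")
    print("\t\t|------------------------[ by modpr0be ]---------------------------|")
    print("\t\t|-----------------[ modpr0be[at]postnix[dot]org ]------------------|")
    print("\t\t|-------------------[ originally coded by muts ]-------------------|")
    print("\t\t|------------------------------------------------------------------|\n")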

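# Target, credentials and the command to fuzz are all required: cmd()
# concatenates them into FTP command lines, so a missing one would otherwise
# only surface later as a TypeError in the middle of a session. The old
# `len(sys.argv) < 4` test let such partial invocations through.
required = (options.target, options.username, options.password, options.fuzz)
if any(value is None for value in required):
    banner()
    parser.print_help()
    sys.exit(1)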

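def cmd():
    """Send the selected FTP command once per payload in the global ``buffer``.

    For every payload a fresh control connection is opened, the session logs
    in with the supplied credentials, the command named by ``-c`` is sent with
    the payload as its argument, and the connection is closed again. The
    payload length is printed before each attempt, so the last length shown
    before an error identifies the input the server failed to handle.

    Raises:
        socket.timeout: the server did not answer within the timeout.
        socket.error: the connection was refused or reset.
    """
    # -p used to be parsed and then ignored (the port was hard-coded to 21);
    # honour it and fall back to the FTP default when it is omitted.
    port = int(options.port) if options.port else 21

    def line(text):
        # FTP control-channel commands are terminated by CRLF. On Python 3 the
        # socket needs bytes; on Python 2 a str already is a byte string.
        raw = text + "\r\n"
        return raw if isinstance(raw, bytes) else raw.encode("latin-1")

    for string in buffer:
        print("Fuzzing command " + options.fuzz + ": " + str(len(string)))
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # Bound every blocking call: a server that has stopped answering then
        # raises socket.timeout instead of hanging the run indefinitely.
        s.settimeout(10)
        try:
            s.connect((options.target, port))
            s.recv(1024)  # server greeting
            # NOTE(review): replies are read and discarded, so a rejected login
            # is not detected and the fuzzed command may then be refused as
            # unauthenticated rather than parsed.
            s.sendall(line('USER ' + options.username))
            s.recv(1024)
            s.sendall(line('PASS ' + options.password))
            s.recv(1024)
            # sendall() keeps writing until the whole payload is out, so the
            # length printed above matches what the server actually received.
            s.sendall(line(options.fuzz + ' ' + string))
            s.recv(1024)
            # NOTE(review): "bye" is the interactive client's alias; the
            # protocol command is QUIT. Kept as in the original.
            s.sendall(line('bye'))
        finally:
            # Release the socket even when a step above raised.
            s.close()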

banner()

# Payload list: a single "A" followed by runs of 100, 200, ... 10000 "A"
# characters (101 entries in total). The name `buffer` is kept because cmd()
# reads it as a global.
buffer = ["A"] + ["A" * length for length in range(100, 10001, 100)]

cmd()

#[email protected]