Written in Python, i try to make a simple fuzzer for FTP server. This script will try to fuzz the commands like APPE, USER, LIST, CWD, etc..you can find all commands here 😉

This script is simply a modified version from muts simple ftp fuzzer during offsec training 😀

Hope you like it 🙂

#!/usr/bin/env python

########################################################
# Very Simple FTP Fuzzer                               #
# this is a modified version from simple ftp fuzzer    #
# coded by muts                                        #
#                                                      #
# thx: oebaj, offsec, xecureit, jasakom, 0x70y #
########################################################

import sys, socket
from optparse import OptionParser

usage = "./%prog -t [target] -p [port] -u [ftp user] -P [ftp passwd] -c [command to fuzz]"
usage += "nContoh: ./%prog -t 192.168.10.10 -p 21 -u ftp -P ftp -c APPE"
parser = OptionParser(usage=usage)
parser.add_option("-p", type="string", action="store", dest="port",
		help="Port to connect")
parser.add_option("-t", type="string", action="store", dest="target",
		help="The target server")
parser.add_option("-u", type="string", action="store", dest="username",
		help="FTP username")
parser.add_option("-P", type="string", action="store", dest="password",
		help="FTP password")
parser.add_option("-c", type="string", action="store", dest="fuzz",
		help="Command to Fuzz ")
(options, args) = parser.parse_args()

def banner():
	print "ntt|------------------------------------------------------------------|"
	print "tt|	  	      Very Simple FTP Fuzzer			   |"
	print "tt|------------------------[ by modpr0be ]---------------------------|"
	print "tt|-----------------[ modpr0be[at]postnix[dot]org ]------------------|"
	print "tt|-------------------[ originally coded by muts ]-------------------|"
	print "tt|------------------------------------------------------------------|n"

if len(sys.argv) < 4:
	banner()
	parser.print_help()
	sys.exit(1)

def cmd():
	for string in buffer:
		print "Fuzzing command " + (options.fuzz) + ": " +str(len(string))
		s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
		connect=s.connect((options.target, 21))
		s.recv(1024)
		s.send('USER '+(options.username)+'rn')
		s.recv(1024)
		s.send('PASS '+(options.password)+'rn')
		s.recv(1024)
		s.send((options.fuzz) + ' ' + string + 'rn')
		s.recv(1024)
		s.send('byern')
		s.close()

banner()
buffer = ["A"]
counter = 100
while len(buffer) <=100:
	buffer.append("A" * counter)
	counter = counter + 100
cmd()

#20109modpr0be

About the Author modpr0be

Posisi saya saat ini sebagai direktur dan pemilik PT Spentera, sebuah perusahaan yang fokus dalam bidang penetration test, incident response, intrusion analysis and forensic investigation. Saya sering memberikan konsultasi tentang strategi keamanan kepada investor, mitra, dan pelanggan. Saya juga memberikan materi dalam bentuk pelatihan dan kontribusi komunitas dalam bentuk seminar, workshop, dan diskusi dengan berbagai topik seperti teknik peretasan, teknik eksploitasi, dan analisis intrusi. Saya juga berkontribusi untuk repositori eksploit Metasploit Framework sebagai pengembang kode eksploit. Saat ini saya memegang sertifikasi dari Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), ISO/IEC ISMS 27001: 2013 Lead Auditor/Auditor, GIAC Certified Intrusion Analyst (GCIA), dan Offensive Security Exploitation Expert (OSEE). Jika ingin menghubungi saya dapat melalui email di tom at spentera dot id.

Tinggalkan Balasan

Please log in using one of these methods to post your comment:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout /  Ubah )

Foto Google

You are commenting using your Google account. Logout /  Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout /  Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout /  Ubah )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d blogger menyukai ini: