
Commit

Merge pull request #145 from jtpereyda/ftp-examples
Ftp examples
jtpereyda authored Apr 30, 2017
2 parents 40ef710 + 351d339 commit 8161820
Showing 5 changed files with 113 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.rst
Expand Up @@ -12,6 +12,7 @@ Features
- Windows procmon now runs even if pydbg fails.
- Added `--help` parameter to process monitor.
- Target class now takes `procmon` and `procmon_options` in constructor.
- Added example fuzz scripts.

Fixes
-----
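Review bot: The new entry "Added example fuzz scripts." under Features does not say which scripts are meant. The README added in this same commit states that most examples are leftover from Sulley and may not be working, so the changelog line should name the maintained ones, for example "Added FTP example fuzz scripts (examples/ftp-simple.py, examples/ftp-with-procmon.py)."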
4 changes: 4 additions & 0 deletions examples/README.md
@@ -0,0 +1,4 @@
Examples
========
Most of these examples are leftover from Sulley and may not be working.
The ftp- examples, however, are maintained and designed for boofuzz.
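Review bot: The README is missing the prerequisites a reader needs to run the maintained scripts. Both ftp- scripts carry the comment "Designed for use with boofuzz v0.0.8" and connect to 127.0.0.1 port 21, and ftp-with-procmon.py additionally expects a process monitor listening on port 26002; none of that is stated here. Suggest listing the two ftp- files by name, the boofuzz version they target, and what must already be running before each is started. "May not be working" for the Sulley leftovers would also be more useful if the untested files were identified.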
48 changes: 48 additions & 0 deletions examples/ftp-simple.py
@@ -0,0 +1,48 @@
#!/usr/bin/env python
# Designed for use with boofuzz v0.0.8
from boofuzz import *


def main():
"""
This example is a very simple FTP fuzzer. It uses no process monitory
(procmon) and assumes that the FTP server is already running.
"""
session = Session(
target=Target(
connection=SocketConnection("127.0.0.1", 21, proto='tcp')))

s_initialize("user")
s_string("USER")
s_delim(" ")
s_string("anonymous")
s_static("\r\n")

s_initialize("pass")
s_string("PASS")
s_delim(" ")
s_string("james")
s_static("\r\n")

s_initialize("stor")
s_string("STOR")
s_delim(" ")
s_string("AAAA")
s_static("\r\n")

s_initialize("retr")
s_string("RETR")
s_delim(" ")
s_string("AAAA")
s_static("\r\n")

session.connect(s_get("user"))
session.connect(s_get("user"), s_get("pass"))
session.connect(s_get("pass"), s_get("stor"))
session.connect(s_get("pass"), s_get("retr"))

session.fuzz()


if __name__ == "__main__":
main()
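Review bot: The docstring in main() has a typo ("process monitory" should be "process monitor") and stops short of the consequence of running without one: with no procmon on the Target, nothing in this script restarts the FTP server, so a run that takes the server down needs to be watched from outside the script. A sentence saying so would help anyone using this as a template. The target address and port are hard-coded in the SocketConnection("127.0.0.1", 21, proto='tcp') call; lifting them into named variables at the top of main(), as ftp-with-procmon.py does with target_ip, would make the script easier to point at a lab host. The credentials "anonymous" and "james" are s_string primitives, so they are mutated along with everything else; if the intent is to reach STOR and RETR in an authenticated state, a comment should say whether fuzzing the login values is deliberate. Finally, `from boofuzz import *` hides which names the example depends on; explicit imports would document the API surface being demonstrated.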
60 changes: 60 additions & 0 deletions examples/ftp-with-procmon.py
@@ -0,0 +1,60 @@
#!/usr/bin/env python
# Designed for use with boofuzz v0.0.8
from boofuzz import *


def main():
"""
This example is a very simple FTP fuzzer using a process monitor (procmon).
It assumes that the procmon is already running. The script will connect to
the procmon and tell the procmon to start the target application
(see start_cmd).
The ftpd.py in `start_cmd` is a simple FTP server using pyftpdlib. You can
substitute any FTP server.
"""
target_ip = "127.0.0.1"
start_cmd = ['python', 'C:\\ftpd\\ftpd.py']
session = Session(
target=Target(
connection=SocketConnection(target_ip, 21, proto='tcp'),
procmon=pedrpc.Client(target_ip, 26002),
procmon_options={"start_commands": [start_cmd]}
),
sleep_time=1,
)

s_initialize("user")
s_string("USER")
s_delim(" ")
s_string("anonymous")
s_static("\r\n")

s_initialize("pass")
s_string("PASS")
s_delim(" ")
s_string("james")
s_static("\r\n")

s_initialize("stor")
s_string("STOR")
s_delim(" ")
s_string("AAAA")
s_static("\r\n")

s_initialize("retr")
s_string("RETR")
s_delim(" ")
s_string("AAAA")
s_static("\r\n")

session.connect(s_get("user"))
session.connect(s_get("user"), s_get("pass"))
session.connect(s_get("pass"), s_get("stor"))
session.connect(s_get("pass"), s_get("retr"))

session.fuzz()


if __name__ == "__main__":
main()
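Review bot: start_cmd is hard-coded to ['python', 'C:\\ftpd\\ftpd.py'], a Windows path to a file that the hunks shown in this commit do not add, so the example cannot run as committed unless the reader builds that server at that location. Either ship a minimal ftpd.py next to the example and reference it by relative path, or make the start command a clearly marked setting at the top of the file. The docstring should also say where the procmon is expected to run: the script reuses target_ip for pedrpc.Client(target_ip, 26002), and the port 26002 and sleep_time=1 are both unexplained. Separately, the four s_initialize blocks and the session.connect graph are a verbatim copy of ftp-simple.py; moving them into a shared helper would keep the two examples from drifting apart.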
File renamed without changes.
