diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 98b17bdd..f0c8a9e1 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -12,6 +12,7 @@ Features
 - Windows procmon now runs even if pydbg fails.
 - Added `--help` parameter to process monitor.
 - Target class now takes `procmon` and `procmon_options` in constructor.
+- Added example fuzz scripts.
 
 Fixes
 -----
diff --git a/examples/README.md b/examples/README.md
new file mode 100644
index 00000000..8ff15407
--- /dev/null
+++ b/examples/README.md
@@ -0,0 +1,4 @@
+Examples
+========
+Most of these examples are leftover from Sulley and may not be working.
+The ftp- examples, however, are maintained and designed for boofuzz.
\ No newline at end of file
diff --git a/examples/ftp-simple.py b/examples/ftp-simple.py
new file mode 100644
index 00000000..d7b38c3e
--- /dev/null
+++ b/examples/ftp-simple.py
@@ -0,0 +1,48 @@
+#!/usr/bin/env python
+# Designed for use with boofuzz v0.0.8
+from boofuzz import *
+
+
+
+def main():
+ """
+ This example is a very simple FTP fuzzer. It uses no process monitory
+ (procmon) and assumes that the FTP server is already running.
+ """
+ session = Session(
+ target=Target(
+ connection=SocketConnection("127.0.0.1", 21, proto='tcp')))
+
+ s_initialize("user")
+ s_string("USER")
+ s_delim(" ")
+ s_string("anonymous")
+ s_static("\r\n")
+
+ s_initialize("pass")
+ s_string("PASS")
+ s_delim(" ")
+ s_string("james")
+ s_static("\r\n")
+
+ s_initialize("stor")
+ s_string("STOR")
+ s_delim(" ")
+ s_string("AAAA")
+ s_static("\r\n")
+
+ s_initialize("retr")
+ s_string("RETR")
+ s_delim(" ")
+ s_string("AAAA")
+ s_static("\r\n")
+
+ session.connect(s_get("user"))
+ session.connect(s_get("user"), s_get("pass"))
+ session.connect(s_get("pass"), s_get("stor"))
+ session.connect(s_get("pass"), s_get("retr"))
+
+ session.fuzz()
+
+
+
+if __name__ == "__main__":
+ main()
diff --git a/examples/ftp-with-procmon.py b/examples/ftp-with-procmon.py
new file mode 100644
index 00000000..980e434d
--- /dev/null
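Review bot: The target address and port are hard-coded inline in the `SocketConnection("127.0.0.1", 21, proto='tcp')` call, while the sibling `examples/ftp-with-procmon.py` hunk lifts the address into a `target_ip` local; the two examples should follow one pattern, ideally reading host and port from `sys.argv` with `"127.0.0.1"` and `21` as defaults so a reader does not edit the script to point it at a test server. The docstring has a typo: `This example is a very simple FTP fuzzer. It uses no process monitor` (not "monitory"). Both new scripts also rely on `from boofuzz import *`, which hides where `Session`, `Target`, `SocketConnection`, `pedrpc` and the `s_*` helpers come from; an explicit import list would make the example's dependency on boofuzz v0.0.8 visible and is the usual style outside a REPL. The docstring could additionally state what the session graph does: it sends `USER`, then `PASS`, and then fuzzes `STOR` and `RETR` after authentication.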
+++ b/examples/ftp-with-procmon.py
@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+# Designed for use with boofuzz v0.0.8
+from boofuzz import *
+
+
+
+def main():
+ """
+ This example is a very simple FTP fuzzer using a process monitor (procmon).
+ It assumes that the procmon is already running. The script will connect to
+ the procmon and tell the procmon to start the target application
+ (see start_cmd).
+
+ The ftpd.py in `start_cmd` is a simple FTP server using pyftpdlib. You can
+ substitute any FTP server.
+ """
+ target_ip = "127.0.0.1"
+ start_cmd = ['python', 'C:\\ftpd\\ftpd.py']
+ session = Session(
+ target=Target(
+ connection=SocketConnection(target_ip, 21, proto='tcp'),
+ procmon=pedrpc.Client(target_ip, 26002),
+ procmon_options={"start_commands": [start_cmd]}
+ ),
+ sleep_time=1,
+ )
+
+ s_initialize("user")
+ s_string("USER")
+ s_delim(" ")
+ s_string("anonymous")
+ s_static("\r\n")
+
+ s_initialize("pass")
+ s_string("PASS")
+ s_delim(" ")
+ s_string("james")
+ s_static("\r\n")
+
+ s_initialize("stor")
+ s_string("STOR")
+ s_delim(" ")
+ s_string("AAAA")
+ s_static("\r\n")
+
+ s_initialize("retr")
+ s_string("RETR")
+ s_delim(" ")
+ s_string("AAAA")
+ s_static("\r\n")
+
+ session.connect(s_get("user"))
+ session.connect(s_get("user"), s_get("pass"))
+ session.connect(s_get("pass"), s_get("stor"))
+ session.connect(s_get("pass"), s_get("retr"))
+
+ session.fuzz()
+
+
+
+if __name__ == "__main__":
+ main()
diff --git a/new_examples/fuzz_http_server.py b/examples/fuzz_http_server.py
similarity index 100%
rename from new_examples/fuzz_http_server.py
rename to examples/fuzz_http_server.py
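Review bot: `procmon_options={"start_commands": [start_cmd]}` hands a command line to the process monitor reached through `pedrpc.Client(target_ip, 26002)`, and the docstring only says the procmon must already be running; nothing in this hunk shows any authentication on that channel, so the docstring should state that `start_cmd` is executed on the procmon's host and that port 26002 is expected to be reachable only from the fuzzing machine (the `127.0.0.1` default satisfies this, a remote `target_ip` does not). A sentence such as `The procmon runs start_cmd on its own host; keep its port (26002 here) reachable only from the machine running this script.` would cover it. `start_cmd` is also a hard-coded Windows path (`'C:\\ftpd\\ftpd.py'`), which the docstring partly acknowledges; naming it as the value to edit, or taking it from `sys.argv`, would make the example portable. Minor style: `procmon_options={...}` is the only multi-line argument without a trailing comma, unlike `sleep_time=1,`.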