marpie/boofuzz-freefloatftp-simple.py

## boofuzz-freefloatftp-simple.py
#!/usr/bin/env python
import sys
import time

from boofuzz import \
    pedrpc,                 \
    s_binary,               \
    s_block_end,            \
    s_block_start,          \
    s_delim,                \
    s_dword,                \
    s_get,                  \
    s_group,                \
    s_initialize,           \
    s_num_mutations,        \
    s_repeat,               \
    s_size,                 \
    s_static,               \
    s_string,               \
    s_word,                 \
    sessions,               \
    SocketConnection

s_initialize("user")
s_static("USER")
s_delim(" ")
s_static("ftp")
s_static("\r\n")

s_initialize("pass")
s_static("PASS")
s_delim(" ")
s_static("ftp")
s_static("\r\n")

s_initialize("cwd")
s_static("CWD")
s_delim(" ")
s_string("AAAA")
s_static("\r\n")

s_initialize("dele")
s_static("DELE")
s_delim(" ")
s_string("AAAA")
s_static("\r\n")

s_initialize("port")
s_static("PORT")
s_delim(" ")
s_string("AAAA")
s_static("\r\n")

s_initialize("retr")
s_static("RETR")
s_delim(" ")
s_string("AAAA")
s_static("\r\n")

s_initialize("stor")
s_static("STOR")
s_delim(" ")
s_string("AAAA")
s_static("\r\n")

s_initialize("xmkd")
s_static("XMKD")
s_delim(" ")
s_string("AAAA")
s_static("\r\n")

s_initialize("xrmd")
s_static("XRMD")
s_delim(" ")
s_string("AAAA")
s_static("\r\n")


print "Mutations: " + str(s_num_mutations())

#print "Press CTRL/C to cancel in ",
#for i in range(3):
#	print str(3 - i) + " ",
#	sys.stdout.flush()
#	time.sleep(1)

def receive_ftp_banner(sock):
    sock.recv(1024)

print "Instantiating session"
sess = sessions.Session(session_filename="ftp.session", sleep_time=0.25, check_data_received_each_request=False)

print "Instantiating target"
target = sessions.Target(SocketConnection("127.0.0.1", 21, proto='tcp'))
target.procmon = pedrpc.Client("127.0.0.1", 26002)

target.procmon_options =  {
	"proc_name" : "ftps.exe",
	"stop_commands" : ['taskkill /IM ftps.exe /F'],
	"start_commands" : ['C:\\work\\ftps.exe'],
}

sess.pre_send = receive_ftp_banner #grab the banner
sess.add_target(target)

sess.connect(s_get("user")) # Notice our commands from the previous file
sess.connect(s_get("user"),s_get("pass"))

# fuzz cases
sess.connect(s_get("pass"),s_get("cwd"))
sess.connect(s_get("pass"),s_get("dele"))
sess.connect(s_get("pass"),s_get("port"))
sess.connect(s_get("pass"),s_get("retr"))
sess.connect(s_get("pass"),s_get("stor"))
sess.connect(s_get("pass"),s_get("xmkd"))
sess.connect(s_get("pass"),s_get("xrmd"))

print "Starting fuzzing now"
sess.fuzz()
	#!/usr/bin/env python
	import sys
	import time

	from boofuzz import \
	pedrpc, \
	s_binary, \
	s_block_end, \
	s_block_start, \
	s_delim, \
	s_dword, \
	s_get, \
	s_group, \
	s_initialize, \
	s_num_mutations, \
	s_repeat, \
	s_size, \
	s_static, \
	s_string, \
	s_word, \
	sessions, \
	SocketConnection

	s_initialize("user")
	s_static("USER")
	s_delim(" ")
	s_static("ftp")
	s_static("\r\n")

	s_initialize("pass")
	s_static("PASS")
	s_delim(" ")
	s_static("ftp")
	s_static("\r\n")

	s_initialize("cwd")
	s_static("CWD")
	s_delim(" ")
	s_string("AAAA")
	s_static("\r\n")

	s_initialize("dele")
	s_static("DELE")
	s_delim(" ")
	s_string("AAAA")
	s_static("\r\n")

	s_initialize("port")
	s_static("PORT")
	s_delim(" ")
	s_string("AAAA")
	s_static("\r\n")

	s_initialize("retr")
	s_static("RETR")
	s_delim(" ")
	s_string("AAAA")
	s_static("\r\n")

	s_initialize("stor")
	s_static("STOR")
	s_delim(" ")
	s_string("AAAA")
	s_static("\r\n")

	s_initialize("xmkd")
	s_static("XMKD")
	s_delim(" ")
	s_string("AAAA")
	s_static("\r\n")

	s_initialize("xrmd")
	s_static("XRMD")
	s_delim(" ")
	s_string("AAAA")
	s_static("\r\n")


	print "Mutations: " + str(s_num_mutations())

	#print "Press CTRL/C to cancel in ",
	#for i in range(3):
	# print str(3 - i) + " ",
	# sys.stdout.flush()
	# time.sleep(1)

	def receive_ftp_banner(sock):
	sock.recv(1024)

	print "Instantiating session"
	sess = sessions.Session(session_filename="ftp.session", sleep_time=0.25, check_data_received_each_request=False)

	print "Instantiating target"
	target = sessions.Target(SocketConnection("127.0.0.1", 21, proto='tcp'))
	target.procmon = pedrpc.Client("127.0.0.1", 26002)

	target.procmon_options = {
	"proc_name" : "ftps.exe",
	"stop_commands" : ['taskkill /IM ftps.exe /F'],
	"start_commands" : ['C:\\work\\ftps.exe'],
	}

	sess.pre_send = receive_ftp_banner #grab the banner
	sess.add_target(target)

	sess.connect(s_get("user")) # Notice our commands from the previous file
	sess.connect(s_get("user"),s_get("pass"))

	# fuzz cases
	sess.connect(s_get("pass"),s_get("cwd"))
	sess.connect(s_get("pass"),s_get("dele"))
	sess.connect(s_get("pass"),s_get("port"))
	sess.connect(s_get("pass"),s_get("retr"))
	sess.connect(s_get("pass"),s_get("stor"))
	sess.connect(s_get("pass"),s_get("xmkd"))
	sess.connect(s_get("pass"),s_get("xrmd"))

	print "Starting fuzzing now"
	sess.fuzz()