peach

Fuzz FTP Commands

This peach pit makes the assumption that the FTP communication follows the sequence:

‘Receive Banner’ > ‘Send Anonymous Login’ > ‘Receive OK, Request Password’ > ‘Send Password’ > ‘Receive OK’ > ‘Send Command’ > ‘Receive Response’

In order to run this pit you can use the command below, but I’ve also created a python wrapper (below) which can be used to sequentially call peach with different commands to fuzz. This helps automate the process further.

peach -DCOMMAND=###Command to Fuzz### ftp_command_fuzz.xml

[Read more…]

Fuzz Username / Password

Peleus

The following pit is designed for fuzzing a FTP server’s username / password field. The pit assumes the communication sequence of:

‘Receive Banner’ > ‘Send Username’ > ‘Receive Password Request’ > ‘Send Password’ > ‘Receive Response’.

This is designed to run locally on the same machine the server is listening on.

The following commands start the test:

# Fuzz Username
peach ftp_username_password_fuzz.xml TestUsername
# Fuzz Password
peach ftp_username_password_fuzz.xml TestPassword

[Read more…]