This Peach pit assumes that the FTP communication follows the sequence:
‘Receive Banner’ > ‘Send Anonymous Login’ > ‘Receive OK, Request Password’ > ‘Send Password’ > ‘Receive OK’ > ‘Send Command’ > ‘Receive Response’
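A pre-flight check for the sequence the pit assumes, as an added example (not code from the original post or from Peach): it walks banner, anonymous login, password and one command, and stops at the first reply code that departs from the standard 220/331/230. The function names, the password value, the `NOOP` default and the in-process stub server are assumptions constructed for the example.

```python
import socket
import threading

# Standard FTP reply codes (RFC 959) for the first three steps of the sequence.
STEPS = [(None, "220"), ("USER anonymous", "331"), ("PASS {pw}", "230")]

def read_reply(rfile):
    """Return the code of one reply, skipping 'NNN-' continuation lines."""
    while True:
        line = rfile.readline().decode("latin-1")
        if not line:
            raise ConnectionError("server closed the connection mid-sequence")
        if line[:3].isdigit() and line[3:4] == " ":
            return line[:3]

def check_sequence(sock, command="NOOP", pw="fuzz@example.com"):
    """Walk the assumed sequence; return (ok, trace of (sent, reply code))."""
    trace = []
    with sock.makefile("rb") as rfile:
        for template, want in STEPS:
            sent = template.format(pw=pw) if template else None
            if sent:
                sock.sendall((sent + "\r\n").encode())
            code = read_reply(rfile)
            trace.append((sent, code))
            if code != want:
                return False, trace      # the pit's state model would stall here
        sock.sendall((command + "\r\n").encode())
        trace.append((command, read_reply(rfile)))  # any reply completes the step
    return True, trace

def stub_server(sock, replies):
    """Constructed stand-in server: banner first, then one reply per line received."""
    with sock, sock.makefile("rb") as rfile:
        sock.sendall(replies[0])
        for reply in replies[1:]:
            if not rfile.readline():
                break
            sock.sendall(reply)

def run_against_stub(replies):
    """Run the check over a socketpair so the example works offline."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=stub_server, args=(server, replies), daemon=True)
    worker.start()
    with client:
        result = check_sequence(client)
    worker.join(timeout=2)
    return result
```

Against the FTP server under test, pass `check_sequence` a socket from `socket.create_connection((host, 21))`; a server that answers `USER anonymous` with 230 instead of 331, for example, does not match the pit's sequence.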
To run this pit you can use the command below, but I’ve also created a Python wrapper (below) which can be used to sequentially call peach with different commands to fuzz. This helps automate the process further.
peach -DCOMMAND=###Command to Fuzz### ftp_command_fuzz.xml