Re: FTP Fuzzer



Hi, could you provide more spec on using this fuzz tool? I use it to
fuzz several FTP servers, but it always crashes before the FTP server does.


2005/11/13, infocus <infocus@xxxxxxxxx>:
Hi,

We have released a simple and user-friendly GUI FTP fuzzer tool for stress
testing FTP server implementations. It is quite a configurable tool, which
means that you can precisely define which FTP commands will be fuzzed
with the parameter size and test strings.

Running this fuzzer against FTP server implementations resulted in
uncovering numerous security vulnerabilities (overflows, format strings)
in various FTP servers. After a short period of fuzzing, the fuzzer revealed
buffer overflow vulnerabilities in, for example:

- ArgoSoft FTP Server (RNTO Unicode overflow)
- Golden FTP Server (NLST overflow)
- FileZilla FTP Server (MLSD)
- FileZilla remote server interface (homemade protocol)
- WarFTPD (various exceptions and WDM.exe overflow)

You can download it from:
http://www.infigo.hr/files/ftpfuzz.zip


Regards,
Leon Juranic



--
Homepage: http://www.lwang.org
mailto:abryson@xxxxxxxxxxxxx


