Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Re: FTP Fuzzer

Re: FTP Fuzzer

From: Alice Bryson <abryson_at_bytefocus.com>
Date: Wed, 3 May 2006 21:36:26 +0800

hi, could you provide more spec of using this fuzz tool, i use it to
fuzz several ftp server , but it alway crashed before ftp server does.

2005/11/13, infocus <infocus_at_infigo.hr>:
> Hi,
>
> We have released simple and user friendly GUI FTP fuzzer tool for stress
> testing FTP server implementations. It is quite configurable tool, which
> means that you can precisely define which FTP commands will be fuzzed
> with the parameter size and test strings.
>
> Running this fuzzer against FTP server implementations resulted in
> uncovering numerous security vulnerabilities (overflows, format strings)
> in various FTP servers. After short period of fuzzing, fuzzer revealed
> buffer overflow vulnerabilities in for example:
>
> - ArgoSoft FTP Server (RNTO Unicode overflow)
> - Golden FTP Server (NLST overflow)
> - FileZilla FTP Server (MLSD)
> - FileZilla remote server interface (homemade protocol)
> - WarFTPD (various exceptions and WDM.exe overflow)
>
> You can download it from:
> http://www.infigo.hr/files/ftpfuzz.zip
>
>
> Regards,
> Leon Juranic
> 

--
Homepage: http://www.lwang.org
mailto:abryson_at_bytefocus.com
Received on May 03 2006
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos