Fuzzing with Metasploit : Simple FTP fuzzer

Published October 19, 2009 |

Just wanted to drop a quick note about the release of another free script. This time I’ve written a simple FTP fuzzer (with a little help from HDMoore) in Metasploit. You can read more about it (and download the script) at http://www.corelan.be:8800/index.php/my-free-tools/security/metasploit/simple-ftp-fuzzer-metasploit-module/

This is why I like Metasploit so much… :-)

Update : after running some fuzzing instances against a couple of FTP servers (Win32), I have noticed that some odd folders were created in my ftp root folder, and that these folders cannot be renamed or removed anymore

(Error message : “Cannot read from the source file or disk”)

Solution : the rmdir command allow you to remove these folders using a \\?\ reference

Let’s say the ftp root is located at ftp, and the folder that cannot be removed looks like a bunch of A’s, with spaces in between, then you can remove this folder with the following command :

rmdir /S /Q "\\?\C:\ftp\A A A A A A A A A A A A A A A "

(basically, use TAB completion to fill out the full name of the folder)

(I’ve found this solution at http://blog.dotsmart.net/2008/06/12/solved-cannot-read-from-the-source-file-or-disk/)

Posted in 001_Security, Exploits, My Free Tools, Scripts | Tagged free, ftp fuzzer, fuzzer, fuzzer-metasploit, fuzzing, fuzzing-con-metasploit, fuzz_ftp.rb, good-ftp-fuzzer, hdmoore, metasploit, metasploit-fuzzer, metasploit-fuzzers, metasploit-fuzzing, metasploit-ike, ruby, script, security metasploit, server, simple ftp, simple-ftp-fuzzer

Corelan Cybersecurity Research

:: Knowledge is not an object, it's a flow ::