[fuzzing] Sulley wont fuzz
Sébastien Duquette
ekse.0x at gmail.com
Mon Mar 29 02:14:10 UTC 2010
I didn't play much with sulley, but you should try capturing the
requests sent to the server with a tool like Wireshark to see the
fuzzed data and server response. That should give you an idea where
the problem lies.
On Sun, Mar 28, 2010 at 9:19 PM, Daniel Hood <dsmhood at gmail.com> wrote:
> List,
>
> I'm trying to get Sulley up and running so wrote a full FTP protocol
> descriptor (not sure what exactly they are called), and then setup
> Sulley against WarFTPD 1.65 (known USER bof issue) which was a setup
> on a Windows XP SP3 machine with DEP turned off.
>
> Attached are my scripts.
>
> But it finds nothing. Goes through all test cases (ran three times)
> and it finds nothing. So I cut it down to just the USER command
> statement and ran 5 more times and still nothing. What am I doing
> wrong?!? If I stop the fuzzer, run a python script that sends the USER
> command then 1000 A's to the WarFTPD 1.65, it crashes and triggers the
> vulnerabillity so I know its not my setup, it must be something to do
> with the way I have Sulley setup or the scripts programmed.
>
> Any ideas guys?
>
> Dan
>
> _______________________________________________
> fuzzing mailing list
> fuzzing at whitestar.linuxbox.org
> http://www.whitestar.linuxbox.org/mailman/listinfo/fuzzing
>
>
More information about the fuzzing
mailing list