[fuzzing] Sulley wont fuzz
ekse.0x at gmail.com
Mon Mar 29 02:14:10 UTC 2010
I didn't play much with sulley, but you should try capturing the
requests sent to the server with a tool like Wireshark to see the
fuzzed data and server response. That should give you an idea where
the problem lies.
On Sun, Mar 28, 2010 at 9:19 PM, Daniel Hood <dsmhood at gmail.com> wrote:
> I'm trying to get Sulley up and running so wrote a full FTP protocol
> descriptor (not sure what exactly they are called), and then setup
> Sulley against WarFTPD 1.65 (known USER bof issue) which was a setup
> on a Windows XP SP3 machine with DEP turned off.
> Attached are my scripts.
> But it finds nothing. Goes through all test cases (ran three times)
> and it finds nothing. So I cut it down to just the USER command
> statement and ran 5 more times and still nothing. What am I doing
> wrong?!? If I stop the fuzzer, run a python script that sends the USER
> command then 1000 A's to the WarFTPD 1.65, it crashes and triggers the
> vulnerabillity so I know its not my setup, it must be something to do
> with the way I have Sulley setup or the scripts programmed.
> Any ideas guys?
> fuzzing mailing list
> fuzzing at whitestar.linuxbox.org
More information about the fuzzing