O'Reilly logo

Gray Hat Python by Justin Seitz

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Slaying WarFTPD with Sulley

Now that you have a basic understanding of how to create a protocol description using Sulley primitives, let's apply it to a real target, WarFTPD 1.65, which has a known stack overflow when passing in overly long values for the USER or PASS commands. Both of those commands are used to authenticate an FTP user to the server so that the user can perform file transfer operations on the host the server daemon is running on. Download WarFTPD from ftp://ftp.jgaa.com/pub/products/Windows/WarFtpDaemon/1.6_Series/ward165.exe. Then run the installer. It will unzip the WarFTPD daemon into the current working directory; you simply have to run warftpd.exe to get the server going. Let's take a quick look at the FTP protocol so that ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required