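I am developing a simple FTP fuzzer in Python. I first test the USER command, and then the post-authentication commands. The problem is that after the USER fuzz requests, the threads for all the other commands (one at a time) do not start at all. On the other hand, if I directly start the fuzz requests for all the other commands without fuzzing USER first (i.e. commenting out that piece of code), it works fine. It seems to be a problem with starting/stopping the threads. The winappdbg API is used to start a new FTP server instance for each loop, which should be closed with join() if no crash occurred. Any ideas?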

t = threading.Thread(target=simple_debuggerFTP)
t.start()
ftpfuzzer = FtpFuzz()
i = 2
while True:
    # get fuzz heuristic code
    s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    try:
        # send fuzz request
    except:
        print "[!] Target server doesn't respond any more, check crash logs..."
        break
t.join()

# fuzz loop for all other commands
commands = ["PUT", "TEST", "MKD", "CWD"]
for cmd in commands:
    t = threading.Thread(target=simple_debuggerFTP)
    t.start()
    ftpfuzzer.reset()
    i = 2
    while True:
        # get fuzz heuristic
        s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
        try:
            # send fuzz request
        except:
            print "[!] Target server doesn't respond any more, check crash logs..."
            break
    t.join()
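
An added example, not part of the original question and not winappdbg code: one way to give each fuzz stage its own supervisor thread that is signalled to stop and joined with a timeout, so a supervisor that never returns cannot silently block the next stage. The debugger loop is replaced by a constructed stand-in, and `TargetSession`, `run_stages` and `send_case` are hypothetical names.

```python
import threading


class TargetSession(object):
    """One supervised target instance per fuzz stage."""

    def __init__(self, name, timeout=5.0):
        self.name = name
        self.timeout = timeout
        self.ready = threading.Event()   # set once the target is up
        self.stop = threading.Event()    # set by the fuzzer to end the session
        self.thread = threading.Thread(target=self._supervise, name=name)
        self.thread.daemon = True        # a stuck supervisor must not block exit

    def _supervise(self):
        # Constructed stand-in for the debugger loop. A real supervisor would
        # launch the server here, then wait for events in short slices so it
        # can notice self.stop instead of blocking until the process exits.
        self.ready.set()
        while not self.stop.wait(0.01):
            pass

    def __enter__(self):
        self.thread.start()
        # Do not send anything until the target reports that it is up.
        if not self.ready.wait(self.timeout):
            raise RuntimeError("target for %s did not come up" % self.name)
        return self

    def __exit__(self, *exc_info):
        self.stop.set()
        self.thread.join(self.timeout)   # bounded, unlike a bare join()
        if self.thread.is_alive():
            raise RuntimeError("supervisor for %s did not stop" % self.name)
        return False


def run_stages(commands, send_case, cases_per_stage=3):
    """Run one supervised session per command; return the stages completed.

    send_case(cmd, i) is a hypothetical callback that sends test case i and
    returns False once the target no longer responds.
    """
    completed = []
    for cmd in commands:
        with TargetSession(cmd):
            for i in range(cases_per_stage):
                if not send_case(cmd, i):
                    break                # end this stage, keep the others
        completed.append(cmd)
    return completed
```

If a supervisor fails to stop within the timeout, the harness raises instead of hanging, which turns a silent stall between stages into a visible error.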