Using Ruby to fuzz FTP Server


Hey, I'm new to Ruby and trying to learn by porting some progs from one language to another. Right now I'm working on an FTP fuzzer in Ruby that mirrors this Perl script:

    use Net::FTP;
    $target = "192.168.37.128";
    # LIST argument: "A", a space, then 512 more "A" characters
    $buffer = "A\x20";
    $buffer .= "A" x 512;
    $ftp = Net::FTP->new($target, Debug => 0, Timeout => 5)
          or die "Cannot connect to $target: $@ \n";
    $ftp->login("anonymous",'anonymous@nowhere.com')
          or die "Couldn't log in: $@\n";
    # Send the oversized argument with LIST
    $ftp->list($buffer);
    $ftp->quit;

This is my Ruby equivalent:

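    require 'net/ftp'
    # Double quotes so that \x20 is a space, as in the Perl script
    buffer = "A\x20"
    buffer = (buffer + ('A'*512))
    # open connects and logs in with the given user and password
    ftp = Net::FTP.open('127.0.0.1','anonymous','anonymous')
    ftp.login
    ftp.list(buffer)
    ftp.quit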

When I run the program I get the following error:

C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:241:in `readline': end of file reached (EOF
Error)
        from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:241:in `getline'
        from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:251:in `getmultiline'
        from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:265:in `getresp'
        from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:281:in `voidresp'
        from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:304:in `block in voidcmd'
        from C:/Ruby192/lib/ruby/1.9.1/monitor.rb:201:in `mon_synchronize'
        from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:302:in `voidcmd'
        from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:155:in `send_type_command'
        from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:149:in `binary='
        from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:168:in `ensure in with_binary'

        from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:168:in `with_binary'
        from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:440:in `block in retrlines'
        from C:/Ruby192/lib/ruby/1.9.1/monitor.rb:201:in `mon_synchronize'
        from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:439:in `retrlines'
        from C:/Ruby192/lib/ruby/1.9.1/net/ftp.rb:682:in `list'
        from ftpcrash.rb:10:in `<main>'

I've traced the issue to the ftp.list(buffer) line, but can't come up with a Ruby solution that will accomplish what $ftp->list($buffer) does in the Perl one.

Suggestions?


Solution

  • The buffer is unnecessary. #list takes an optional argument like '*n', not a buffer, and it returns an array.

    require 'net/ftp'
    ftp = Net::FTP.open('ftp.gnu.org','anonymous','')
    puts ftp.list
    ftp.quit
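
The traceback in the question ends in `readline` raising EOFError, which is what a Ruby socket read does once the peer has closed the connection. The following is an added example, not code from the question or the answer: it reproduces that condition with plain sockets on the control channel only (no Net::FTP, no data connection) against a constructed loopback stub, and rescues the error so the test run reports it instead of aborting. The stub server, `MAX_LINE`, `start_stub_server`, `command` and `probe_list` are all assumptions made for the illustration.

```ruby
require 'socket'

MAX_LINE = 256 # constructed limit: the stub hangs up on longer command lines

# Constructed loopback stub standing in for an FTP server (not a real daemon).
# It serves one control connection and returns the port it listens on.
def start_stub_server
  server = TCPServer.new('127.0.0.1', 0)
  Thread.new do
    client = server.accept
    client.write("220 stub ready\r\n")
    while (line = client.gets)
      break if line.bytesize > MAX_LINE # simulate the daemon dying mid-session
      verb = line.split.first.to_s.upcase
      reply = { 'USER' => '331 need password', 'PASS' => '230 logged in',
                'LIST' => '425 no data connection', 'QUIT' => '221 bye' }
      client.write("#{reply.fetch(verb, '502 not implemented')}\r\n")
      break if verb == 'QUIT'
    end
    client.close
    server.close
  end
  server.addr[1]
end

# Send one command and read one reply line. readline raises EOFError when the
# peer has closed the socket, the same call that tops the traceback above.
def command(sock, line)
  sock.write("#{line}\r\n")
  sock.readline.chomp
end

# Log in, send LIST with the given argument, and report what came back.
def probe_list(port, argument)
  sock = TCPSocket.new('127.0.0.1', port)
  sock.readline # 220 greeting
  command(sock, 'USER anonymous')
  command(sock, 'PASS anonymous')
  [:reply, command(sock, "LIST #{argument}")]
rescue EOFError, Errno::ECONNRESET, Errno::EPIPE
  [:connection_dropped, argument.bytesize]
ensure
  sock&.close
end

if __FILE__ == $PROGRAM_NAME
  p probe_list(start_stub_server, "A\x20" + 'A' * 512)
end
```

A `:connection_dropped` result means the server side went away while handling the request, which is the point at which to check the server's own logs and process state.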