I would like to seek help on using the SPIKE fuzzer to fuzz an FTP server. I am testing on Freefloat FTP Server but do not have an idea of how to go about it. I researched and tested out many different types of SPIKE fuzzing scripts for fuzzing an FTP server, but the server did not crash.
I tried some scripts like:
s_readline();
s_string("USER ");
s_string_variable("COMMAND");
s_string("\r\n");
s_string("PASS ");
s_string_variable("COMMAND");
s_read_packet();
When I ran the script using 'generic_send_tcp' and also opened Wireshark to capture the traffic, the script did make the server crash. But the issue is that when I look into the first packet of the traffic, it shows this:
500 'USER COMMAND' command not understood\r\n
But this wasn't the part that caused the server to crash. If the first packet were successful, it is supposed to make it through to the password and state '230 User logged in'. But it couldn't manage to get through to the password stage.
So I would like to seek help from anyone who could please assist me with this problem. I really tried many different methods but couldn't manage to get it to work.