0

Hello all,

I'm studying socket programming and have trouble when simulate a FTP server (I don't want to use pyftpdlib). The problem is when the client want to list the directory (LIST command) on the server, I do not find a way to send directory contents.

here is the code:

#!/usr/bin/python

from socket import *

host = "0.0.0.0"
port = 21

s = socket(AF_INET, SOCK_STREAM)
s.bind((host, port))
s.listen(1)

print "[+] Simple FTP Server Started."
print "[+] Listening on port %d ..." % port

cl, addr = s.accept()

print "- Connection accepted from %s" % addr[0]

def ftpserv():
	dirlist = "drwxrwxrwx    1 100      0           11111 Jun 11 21:10 file1.txt\r\n"
	dirlist += "-rw-rw-r--    1 1176     1176         1060 Aug 16 22:22 file2.txt\r\n"
	
	welcome = "220 Welcome to Simple FTP Server\r\n"
	cl.send(welcome)
	cl.recv(1024)
	cl.send("331 User name okay, need password\r\n")	# received USER
	cl.recv(1024)
	cl.send("230-Password accepted\r\n")		# received PASS
	cl.send("230 User logged in.\r\n")
	cl.recv(1024)
	cl.send("215 UNIX Type: L8\r\n")   # received from SYST
	cl.recv(1024)
	cl.send("211-Features:\r\n")		# received from FEAT
	cl.send("211 End\r\n")
	cl.recv(1024)
	cl.send("200 Type set to I\r\n")	# received from TYPE I
	cl.recv(1024)
	cl.send("200 OK\r\n")			# received from REST 0
	cl.recv(1024)
	cl.send("257 \"/\" is current directory\r\n")	# received from PWD
	cl.recv(1024)
	cl.send("227 Entering Passive Mode ("+addr[0]+",2521)\r\n")	
	cl.recv(1024)
	cl.send("150 Here comes the directory listing\r\n") 	# received from LIST
	cl.send("total 2\r\n"+dirlist)
	cl.send("226 Directory send ok\r\n")
	cl.close() 
ftpserv()

s.close()

thanks for the help :)

Edited by l00kit: n/a

4
Contributors
5
Replies
6
Views
6 Years
Discussion Span
Last Post by l00kit
0

I do not understand how you process information. For me looks that you do not process or save received information.

0

I do not understand how you process information. For me looks that you do not process or save received information.

I do not process the information, I just simulate it to check that the FTP client will work well. The problem is when the FTP client send the LIST command to the server (actually, the script above).

0

what do you mean by list command?
Normally, ftp client will read the data of the connected address in a list form.... is that what you want?

0

what do you mean by list command?
Normally, ftp client will read the data of the connected address in a list form.... is that what you want?

Ok, actually, what I want to build is a proof of concept. I research vulnerability on a ftp client, and the client error (buffer overflow condition) when received LIST with long string (e.g. A * 5000). But I can't simulate it, and got stuck on handle LIST from client.

The error occured when this condition is met:

junk = A * 5000
dirlist = "drwxrwxrwx 1 100 0 11111 Jun 11 21:10 "+junk+".txt\r\n"
cl.send("total 2\r\n"+dirlist)


please help. thank you.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.