Pages

31 December 2010

Scanner FTP Vulnerability

#!/usr/bin/python

import socket


def bo(bo_com, bo_size, bo_type):
    ncom = len(bo_com)
    nsize = len(bo_size)
    ntype = len(bo_type)
    for ia in range(0,ncom):
        var = str(bo_com[ia]) + " "
        for ib in range(0,ntype):
            var1 = str(bo_type[ib]) + " "
            for ic in range(0,nsize):
                var2 = (bo_size[ic])
                buffer = var + var1
                s.send(buffer * var2 +"\r\n")
                msgbo = s.recv(3)
                if msgbo != "500":
                    print("Buffer Oveflow")
                    print ("Command " + var)     
                    print s.recv(1024)        
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("127.0.0.1",21))
s.recv(1024)
s.send("user ftp\r\n")
s.recv(1024)
s.send("pass ftp\r\n")
s.recv(1024)

bo_com = ["QUOTE","MGET","MPUT","ABOR","ACCT","ALLO","APPE","AUTH","CWD","CDUP","DELE","FEAT","HELP","HOST","LANG","LIST","MDTM","MKD","MLST","MODE","NLST","NLST -al","NOOP","OPTS","PASV","PORT","PROT","PWD","REIN","REST","RETR","RMD","RNFR","RNTO","SIZE","SITE","SITE CHMOD","SITE CHAWN","SITE EXEC","SITE INDEX","SITE MSG","SITE PSWD","SITE ZONE","SITE WHO","SMNT","STAT","STOR","STOU","STRU","SYST","TYPE","XCUP","XCRC","XCWD","XMKD","XPWD","XRMD"]
bo_size = [100,500,1000,5000,10000,50000]
bo_type = ["A","\n","/n","!A","../",".././","@",""]
bo(bo_com, bo_size, bo_type)
print s.recv(1024)

0 comments: