101
Credits to Patrick Thomassen for the bug discovery.
Tested working.
visit DFind.org if you want the source file.
illusion6
thanks
oxydrine
excellent ;)

Thx for your share

;)
nackas
QUOTE (illusion6 @ Sep 13 2004, 07:05 PM)
thanks

I'm quite sure this is stressed by all members here... please do not reply with a simple 'thanks'. Be more creative in your response, it's not so hard to throw in a few more words, and *pow*.. you have a sentence.

Anyway, back on topic, thanks for the exploit 101. There's also been 2 other exploits posted, but the more the merrier.. more to learn from ;)
soundslider
thx 4 the exploit, i'll test it
FTPServerTools
This exploit can be stopped by using ServuEvent.dll and adding the following in permissions:
[Permissions]
STOU AUX=DENY|*|*
the other devices can be blocked in a similar way.
I will add this in my ServuExploitStopper.dll to block this potential exploit. :)
The idea is very simple, thank you for sharing it.
Crazycold
how can i get a shell with this exploit? or is it only for shutting down servu?
101

actually , you can't , but soon prolly.
Ecko
QUOTE (Crazycold @ Sep 13 2004, 12:19 PM)
how can i get a shell with this exploit? or is it only for shutting down servu?

now it's just a DoS exploit, so it just kills servu...
usch
QUOTE (101 @ Sep 13 2004, 12:24 PM)
actually , you can't , but soon prolly.

I think we can't expect any code execution for this bug because:
correct me if that's wrong, but this isn't a buffer overflow. It is an exception handling error and I think we can't execute code through it.
I'm not sure, but I guess code execution is only possible if you overflow the buffer and paste your code in the next part of the memory, and this is not the case here.

damn, buffer overflows sound difficult


so long

usch
Fr0gg
Thanks Class !

I'm going to test it!
Hellraiseruk
@FTPServerTools

do u mean put that in ur .ini cuz i don't have that .dll in my serv-u folder?
mortello
QUOTE (Hellraiseruk @ Sep 13 2004, 05:58 PM)
@FTPServerTools

do u mean put that in ur .ini cuz i don't have that .dll in my serv-u folder?

can't find it either in my serv-U installation folder....any help would be appreciated :)
Dominater
QUOTE (mortello @ Sep 13 2004, 06:20 PM)
QUOTE (Hellraiseruk @ Sep 13 2004, 05:58 PM)
@FTPServerTools

do u mean put that in ur .ini cuz i don't have that .dll in my serv-u folder?

can't find it either in my serv-U installation folder....any help would be appreciated :)

google knows it all :)

here's the dll file: http://ftpservertools.tripod.com/ServuEvent.zip

Add these lines to your servu ini file:

CODE
[EXTERNAL]
EventHookDll1=Servuevent.dll


All you need in servuevent.ini is:

CODE
[Permissions]
STOU=DENY|*|*


this will block all stou commands...
upload the Servuevent.dll and ServuEvent.ini in the same folder as servu is, restart servu, and it's fixed :)

CODE
[L] stou com1
[L] 550 Command access denied
mortello
Thanks dominator... should have consulted that dear google friend

thanks

Direct linking doesn't seem to work, so go there : http://ftpservertools.tripod.com/downloads.htm

got it using servuEvent.dll on google.....other links may get found...
Hellraiseruk
cheerz guyz wink.gif
n0n4m3
hi!
i tested it against 5.1 and it worked. servu crashed. thx for this exploit i think we don't have to wait long until there will be one with a "shell" function.. we'll see it.

cya
noname
FTPServerTools
Apparently you all found it indeed.
another blocking option is:
[Permissions]
STOU=DENY|%[ArgsAll]|COM1
STOU=DENY|%[ArgsAll]|COM2
etc...

this would cause a STOU COM1 block.
etc..

Quite simple...
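
Added example, not part of the original thread and not FTPServerTools' code: a log check that flags STOU commands whose argument is a Windows reserved device name, the pattern the deny rules above target. The log line shape, the function names and the sample lines are assumptions, and the device list generalizes from the AUX, COM1 and COM2 named in the thread to the full reserved set.

```python
import re

# Windows reserved device names. The thread names AUX, COM1 and COM2;
# the rest of the set is added here as a generalization.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)
}

# Assumed log shape: optional "[...]" prefix, then the FTP command line.
CMD_RE = re.compile(r"^(?:\[[^\]]*\]\s*)?(?P<verb>[A-Za-z]{3,4})\b\s*(?P<arg>.*)$")


def is_device_name(path: str) -> bool:
    """True if the last path component names a reserved device.

    Case, a trailing colon and any extension are ignored, so 'aux',
    'AUX.txt' and 'dir/com1' all match, while 'auxiliary.dat' does not.
    """
    leaf = re.split(r"[\\/]", path.strip())[-1]
    stem = leaf.split(".", 1)[0].rstrip(" ").rstrip(":")
    return stem.upper() in RESERVED


def flag_stou(lines, verbs=("STOU",)):
    """Return (line_number, argument) for each flagged command."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = CMD_RE.match(line.strip())
        if m and m["verb"].upper() in verbs and is_device_name(m["arg"]):
            hits.append((no, m["arg"].strip()))
    return hits


# Constructed sample lines, not captured from a real server.
SAMPLE = [
    "[L] USER anonymous",
    "[L] stou com1",
    "[L] STOU report.txt",
    "[L] STOU uploads/AUX.txt",
    "[L] STOR com1",
    "[L] stou auxiliary.dat",
]

if __name__ == "__main__":
    for no, arg in flag_stou(SAMPLE):
        print(f"line {no}: STOU targets reserved device name {arg!r}")
```
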
FTPServerTools
I have updated ServuExploitStopper.dll to block the STOU crash attempts. Apparently the lousy virus checker called sophos identifies it as a trojan, which it isn't. I guess all of you know how to use google. :)
ConfigSys
Tested & Worked
TnX
FuzZyBeeR
QUOTE (Dominater @ Sep 13 2004, 07:11 PM)
QUOTE (mortello @ Sep 13 2004, 06:20 PM)
QUOTE (Hellraiseruk @ Sep 13 2004, 05:58 PM)
@FTPServerTools

do u mean put that in ur .ini cuz i don't have that .dll in my serv-u folder?

can't find it either in my serv-U installation folder....any help would be appreciated :)

google knows it all :)

here's the dll file: http://ftpservertools.tripod.com/ServuEvent.zip

Add these lines to your servu ini file:

CODE
[EXTERNAL]
EventHookDll1=Servuevent.dll


All you need in servuevent.ini is:

CODE
[Permissions]
STOU=DENY|*|*


this will block all stou commands...
upload the Servuevent.dll and ServuEvent.ini in the same folder as servu is, restart servu, and it's fixed :)

CODE
[L] stou com1
[L] 550 Command access denied

Thanx for this info :) need it much more than the DOS exploit :)
TwoDayFly
QUOTE (FTPServerTools @ Sep 13 2004, 06:03 AM)
This exploit can be stopped by using ServuEvent.dll and adding the following in permissions:
[Permissions]
STOU AUX=DENY|*|*
the other devices can be blocked in a similar way.
I will add this in my ServuExploitStopper.dll to block this potential exploit. :)
The idea is very simple, thank you for sharing it.

Thanx 4 this very nice tip m8 !

This is very useful. :)
ConfigSys
i don't understand
can i get shell with this exploit
or it just shut-off serv-u?
Reclone
QUOTE (ConfigSys @ Sep 26 2004, 05:00 PM)
i don't understand
can i get shell with this exploit
or it just shut-off serv-u?

It's a DoS, as in Denial of Service. With this specific exploit it will crash the ftp server.
FTPServerTools
Unless of course the serv-u in question is running ServuExploitStopper.dll or has the command blocked in ServuEvent.dll (both options work of course).
ConfigSys
Ok
TnX
;)
Intox
can someone share it again please ?

thanks
FTPServerTools
ServuEventStopper is a blocker against the exploit. The STOU exploit can never give you shell access, all it does is crash servu. And it is fixed in 5.2.0.1
lev
QUOTE(FTPServerTools @ Nov 8 2004, 09:23 AM)
ServuEventStopper is a blocker against the exploit. The STOU exploit can never give you shell access, all it does is crash servu. And it is fixed in 5.2.0.1

yes, mouton, you have very nice stuff

all you serv-u and ftp server freaks be sure to check his other tools as well

very nice indeed

link has been posted (several times ;) ) in this thread
DarKFiR3
thx :)
tibbar
DarKFiR3 read the forum rules, no thx! posts.

I am giving you a warning point, let this be a lesson to you all...I see way too many thanks posts in this post.
Freakazoid
Download doesn't work. :(
can somebody pls up it at rapidshare.de or sth???
eXpLosiVe
thx