This repository has been archived by the owner on Nov 1, 2023. It is now read-only.

Minor fixes. Fixed RETR, increased buffer size, increased speed of tr…
…ansfer to about 200 KB/sec. Fixed CLNT command. Fixed bans sometimes happening
kolya5544 committed Jan 31, 2020
1 parent 9965337 commit cd84289
Showing 2 changed files with 36 additions and 31 deletions.
52 changes: 29 additions & 23 deletions BearFTP/Program.cs
@@ -42,7 +42,7 @@ class Program
public static Directory root = new Directory();

//Current version
public static string _VERSION = "v0.2.0 BETA";
public static string _VERSION = "v0.2.1 BETA";

//Default log.
public static StreamWriter logfile = new StreamWriter("log.txt", true);
@@ -383,6 +383,17 @@ static void Main(string[] args)
{
per_second.Add(new Active(hostname, 1));
}
try
{
if (bans.Any(ban => ban.hostname == hostname))
{
client.Close();
}
}
catch
{
}
new Thread(new ThreadStart(() =>
@@ -408,17 +419,7 @@ static void Main(string[] args)
bool banned = false;
try
{
if (bans.Any(ban => ban.hostname == hostname))
{
client.Close();
}
}
catch
{
}
@@ -558,6 +559,7 @@ static void Main(string[] args)
}
else if (answ.Trim().StartsWith("STOR") && Authed)
{
Thread.Sleep(2000);
if (passives.ContainsKey(c))
{
Connectivity connn;
@@ -603,6 +605,7 @@ static void Main(string[] args)
}
else if (answ.StartsWith("RETR") && Authed)
{
Thread.Sleep(2000);
string filename = answ.Substring(5).Trim().Replace("/", "");
File aaaa = null;
foreach (File aa in files)
@@ -722,32 +725,35 @@ static void Main(string[] args)
{
LogWrite("200 OK!\r\n", sw, hostname);
}
else if (answ.Contains("CPFR"))
else if (answ.StartsWith("CPFR"))
{
//Fun part: tricking random exploiters. Very "hackers"
triggered = true; //First level trigger
LogWrite("350 Need more information.\r\n", sw, hostname);
}
else if (answ.Trim().Contains("CPTO") && triggered)
else if (answ.Trim().StartsWith("CPTO") && triggered)
{
LogWrite("250 Need more information.\r\n", sw, hostname);
}
else if (answ.Trim().Contains("AUTH"))
else if (answ.Trim().StartsWith("AUTH"))
{
LogWrite("502 Please use plain FTP.\r\n", sw, hostname); // We dont want them to use security.
}
else if (Authed && username == "admin" && md5(password) == "")
{
//Todo: admin cmds
}
else if (Authed && answ.Trim().Contains("CLNT"))
else if (answ.Trim().StartsWith("CLNT"))
{
LogWrite("200 OK!\r\n", sw, hostname);
}
else if (Authed && answ.Trim().Contains("NOOP"))
else if (Authed && answ.Trim().StartsWith("NOOP"))
{
LogWrite("200 OK!\r\n", sw, hostname);
} else if (Authed && answ.Trim().StartsWith("REST"))
{
LogWrite("502 There is no such command.\r\n", sw, hostname);
}
else
{
@@ -972,30 +978,30 @@ private static void InitializeFiles()
/// <param name="sw">Actual StreamWriter of PASV mode</param>
public static void SendFile(File file, StreamWriter sw)
{
if (file.size <= 2048)
if (file.size <= 8192)
{
sw.BaseStream.Write(file.content, 0, file.size);
} else
{
//Ok boomer
//1. We calculate amount of steps (a.k.a how much should we do the loop)
//2. We calculate offtop based on steps we already passed
//3. We take 2048 bytes since that offtop and send them......
//3. We take 8192 bytes since that offtop and send them......
//it's hard but here's the actual code:

int Steps = 0;
int Offtop = 0;
int Leftover = 0;

byte[] buffer = new byte[2048];
Steps = Math.DivRem(file.size, 2048, out Leftover);
byte[] buffer = new byte[8192];
Steps = Math.DivRem(file.size, 8192, out Leftover);
for(Offtop = 0; Offtop<Steps; Offtop++)
{
Array.Copy(file.content, Offtop * 2048, buffer, 0, 2048);
Array.Copy(file.content, Offtop * 8192, buffer, 0, 8192);
sw.BaseStream.Write(buffer, 0, buffer.Length);
Thread.Sleep(50); //Trying to limit possible attacks.
}
var last = new byte[file.size - Offtop *2048];
var last = new byte[file.size - Offtop * 8192];
Array.Copy(file.content, file.size - Leftover, last, 0, Leftover);
sw.BaseStream.Write(last, 0, last.Length);
Thread.Sleep(50);
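Review bot: The ban check that now runs before `new Thread(new ThreadStart(() =>` closes the socket but does not stop the connection from being handed to a worker, because nothing after `client.Close();` prevents execution from reaching the thread start. A banned host therefore still costs one thread per connection attempt. If this code sits inside the accept loop (Main's body starts and ends outside the hunk, so that is an assumption), add `continue;` directly after `client.Close();`. The empty `catch { }` also makes the check fail open: any exception thrown by `bans.Any(...)`, for instance if another thread modifies the list while it is being enumerated, silently lets the connection through. The handler should at least log the exception and close the client instead of swallowing it.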
15 changes: 7 additions & 8 deletions CHANGELOG.txt
@@ -1,10 +1,9 @@
--> IT ONLY CONTAINS THE MOST RECENT CHANGES!

v0.2.0:
- Fixed "errors" handling, designed to prevent users spamming invalid FTP commands
- Fixed PWN not being logged due to its size
- Added "connections per second" and "total connections" antispam for default port
- Added "total connections" antispam for PASV port
- Fixed PASV mode handler not checking for default port connection, as well as fixed handling of non-active users (CVE-2020-8416 fix)
- Passive mode now autodisconnects AFK persons after 120 seconds of inactivity (Beware when sending big files!)
- Minor bugfixes
v0.2.1:
- Bans fix
- Fixed clients requesting RETR and STOR right after PASV without actually connecting to it properly (a.k.a high ping PASV fix) (There are still troubles with big files (more than 1 MB))
- Minor fixes of improper command handling
- Increased block size for RETR from 2048 to 8192‬, potentially increasing the speed of download
- REST command handling (improper but still)
- Fix of CLNT command
