Bugtraq mailing list archives
Re: POC exploit for freeFTPd 1.0.10
From: Sanjay Rawat <sanjayr () intoto com>
Date: Fri, 19 May 2006 20:03:00 +0530
Hello Ahmad:

I am wondering why you have not given option for Windows 2000 SP4 Professional in your python code. Is there any technical difficulty?
I think one can include the following snippet in your code after line # 95
---------------------------------------
elif value == '4':
    eip = "\x29\x4c\xE1\x77" # 77E14c29 JMP ESP IN USER32.DLL (windows 2000 Prof. SP4)
-------------------------------------
Please correct me if I am missing something. As of now, I could not test this addition though.
regards
-Sanjay

At 09:48 PM 5/17/2006, Tauqeer Ahmad wrote:
Hi,

The exploit that I publish for freeSSHd 1.0.9 will work against freeFTPd 1.0.10 as well. Upgrade to the latest version of freeFTPd.

http://www.securityfocus.com/data/vulnerabilities/exploits/2680392359-ssh.py

Disclaimer: All the information and exploit in this mail and the previous are provided for the educational purpose only. Please do not, I repeat, do not run this exploit against any system without prior permission.

Regards,
Tauqeer Ahmad
0x-Scientist-x0

Sanjay Rawat
Senior Software Engineer
INTOTO Software (India) Private Limited
Uma Plaza, Above HSBC Bank, Nagarjuna Hills
PunjaGutta, Hyderabad 500082 | India
Office: + 91 40 23358927/28 Extn 422
Website : www.intoto.com
Homepage: http://sanjay-rawat.tripod.com