Full Disclosure mailing list archives
RE: freeftpd MKD buffer overflow etc...
From: <ad () class101 org>
Date: Thu, 17 Nov 2005 14:04:04 +0100
Lol dont take it so badly dude , I know & im sure you can share better codes thats all ;p _____ De : full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] De la part de barabas mutsonline Envoyé : jeudi 17 novembre 2005 10:43 À : full-disclosure () lists grok org uk Objet : [Full-disclosure] freeftpd MKD buffer overflow etc... Hi, I turned off logging on my freeftpd server as a temporary fix for the USER problem. Pfew...I felt more comfortable now. 3v17 h4x0r5 won't be able to compromise my collection of Adriana Lima pics anymore. But...while I was thinking on how to write a l33t3r PoC, I picked my nose, and a giant booger fell on my keyboard just whilst I was creating a daily directory of pictures. It hit the A-key and send a long MKD string to my freeftpd server and crashed it (7 gram booger = +- 1024 A's). Godd4mn! This even without turning logging on! SEH was overwritten again. I restarted the server and got really mad. Trying to remove the booger from between my keys something amazing happened: A very long DELE command was send and the server died again. I give up. Maybe I'll use scp and blow my nose? I'll leave it up to Class101 to write l33t PoC code. His kungfu is better and he codes in C, which is l33t3r anyway. cheers barabas
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- freeftpd MKD buffer overflow etc... barabas mutsonline (Nov 17)
- RE: freeftpd MKD buffer overflow etc... ad (Nov 17)
- Re: freeftpd MKD buffer overflow etc... [exploit] Expanders (Nov 17)
- RE: freeftpd MKD buffer overflow etc... ad (Nov 17)