#!/usr/bin/python
# Exploit Title: FTPShell Server 6.85 - Add Account Buffer Overflow
# Date: December 2nd, 2019
# Exploit Author: boku
# Vendor Homepage: http:// #!/usr/bin/python
# Exploit Title: FTPShell Server 6.85 - Add Account Buffer Overflow
# Date: December 2nd, 2019
# Exploit Author: boku
# Vendor Homepage: http://www.ftpshell.com/index.htm
# SOftware Link: http://www.ftpshell.com/downloadserver.htm
# Program Name: FTPShell Server (Secure Plus edition)
# Version: Version 6.85
# Tested on: Windows XP Professional (32-bit)- 5.1.2600 Service Pack 3 Build 2600
# Recreate:
# - Install FTPShell Server v6.85
# - open 'FTPShell Server Administrator'
# - Click button 'Manage FTP Accounts..'
# - Click button 'Configure accounts..'
# - Click button 'Add'
# - Run python script & transfer 'poc.txt' to windows box
# - Open 'poc.txt' & select-all, then copy
# - Paste poc.txt text blob into 'Login' text-box
# - Press button 'OK'; program will crash & shellcode will execute
blt = '
FTPShell Server 6.85 Buffer Overflow
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 292