Re: POC exploit for freeFTPd 1.0.10
Hello Ahmad:
I am wondering why you have not given an option for Windows 2000 SP4
Professional in your python code. Is there any technical difficulty?
I think one can include the following snippet in your code after line # 95
---------------------------------------
elif value == '4':
    eip = "\x29\x4c\xE1\x77" # 77E14c29 JMP ESP IN USER32.DLL (windows 2000 Prof. SP4)
-------------------------------------
Please correct me if I am missing something. As of now, I could not test
this addition though.
regards
-Sanjay
At 09:48 PM 5/17/2006, Tauqeer Ahmad wrote:
Hi,
The exploit that I published for freeSSHd 1.0.9 will
work against freeFTPd 1.0.10 as well. Upgrade to the
latest version of freeFTPd.
http://www.securityfocus.com/data/vulnerabilities/exploits/2680392359-ssh.py
Disclaimer:
All the information and the exploit in this mail and the
previous one are provided for educational purposes
only. Please do not, I repeat, do not run this exploit
against any system without prior permission.
Regards,
Tauqeer Ahmad
0x-Scientist-x0
Sanjay Rawat
Senior Software Engineer
INTOTO Software (India) Private Limited
Uma Plaza, Above HSBC Bank, Nagarjuna Hills
PunjaGutta,Hyderabad 500082 | India
Office: + 91 40 23358927/28 Extn 422
Website : www.intoto.com
Homepage: http://sanjay-rawat.tripod.com