
Re: POC exploit for freeFTPd 1.0.10



Hello Ahmad:
I am wondering why you have not given an option for Windows 2000 SP4 Professional in your Python code. Is there any technical difficulty?
I think one can include the following snippet in your code after line # 95:
---------------------------------------
elif value == '4':
    eip = "\x29\x4c\xE1\x77" # 77E14c29 JMP ESP IN USER32.DLL (windows 2000 Prof. SP4)
-------------------------------------

Please correct me if I am missing something. As of now, I could not test this addition though.

regards
-Sanjay

At 09:48 PM 5/17/2006, Tauqeer Ahmad wrote:
Hi,

The exploit that I published for freeSSHd 1.0.9 will
work against freeFTPd 1.0.10 as well. Upgrade to the
latest version of freeFTPd.

http://www.securityfocus.com/data/vulnerabilities/exploits/2680392359-ssh.py

Disclaimer:

All the information and the exploit in this mail and the
previous one are provided for educational purposes
only. Please do not, I repeat, do not run this exploit
against any system without prior permission.

Regards,

Tauqeer Ahmad
0x-Scientist-x0



Sanjay Rawat
Senior Software Engineer
INTOTO Software (India) Private Limited
Uma Plaza, Above HSBC Bank, Nagarjuna Hills
PunjaGutta,Hyderabad 500082 | India
Office: + 91 40 23358927/28 Extn 422
Website : www.intoto.com
  Homepage: http://sanjay-rawat.tripod.com