Re: POC exploit for freeFTPd 1.0.10
Hello Sanjay
There was no technical difficulty. That was just a POC
to prove the vulnerability and not to exploit it in
the wild. The choice at your disposal is limitless.
You can also debug the program on Windows 2003 Server
and include the offsets. You can debug it on Windows
2000 Professional, Windows in the Chinese language ;),
Windows in Japanese, Windows in other languages.
Regards,
Tauqeer Ahmad
--- Sanjay Rawat <sanjayr@xxxxxxxxxx> wrote:
---------------------------------
Hello Ahmad:
I am wondering why you have not given an option for
Windows 2000 SP4 Professional in your Python code. Is
there any technical difficulty?
I think one can include the following snippet in your
code after line #95
---------------------------------------
elif value == '4':
    eip = "\x29\x4c\xE1\x77"  # 77E14c29 JMP ESP IN USER32.DLL (Windows 2000 Prof. SP4)
-------------------------------------
Please correct me if I am missing something. As of
now, I could not test this addition though.
regards
-Sanjay
At 09:48 PM 5/17/2006, Tauqeer Ahmad wrote:
Hi,
The exploit that I published for freeSSHd 1.0.9 will
work against freeFTPd 1.0.10 as well. Upgrade to the
latest version of freeFTPd.
http://www.securityfocus.com/data/vulnerabilities/exploits/2680392359-ssh.py
Disclaimer:
All the information and exploit in this mail and the
previous are provided for educational purposes
only. Please do not, I repeat, do not run this exploit
against any system without prior permission.
Regards,
Tauqeer Ahmad
0x-Scientist-x0
Sanjay Rawat
Senior Software Engineer
INTOTO Software (India) Private Limited
Uma Plaza, Above HSBC Bank, Nagarjuna Hills
PunjaGutta, Hyderabad 500082 | India
Office: + 91 4023358927/28 Extn 422
Website: www.intoto.com
Homepage: http://sanjay-rawat.tripod.com