| タイトル | PCMan FTP 2.0.7 Buffer Overflow |
|---|
| 説明 | This technique works well against Windows XP Professional Service Pack 2 and 3.
For this exploit, I tried several strategies to increase the reliability of the Poc - Proof Of Concept.
Sending an excessive amount of data through the "DIR" command, the application crashes, indicating the Buffer Overflow condition.
Then, the offset amount was identified by using msf-pattern_create -l 3000
And then by using msf-pattern_offset -q to discover the offset amount.
After discovering the offset amount, it was necessary to adjust the data in the stack.
To advance in the exploit, mona was used, together with the command !mona jmp -r esp -n to discover a JMP ESP address, in this case it was 0x74e32fd9.
Then I used the removal of the main badchars: 0x00\0x0a\0x0d I did not perform a search for badchars through bytearray, because I already knew the environment I was working in.
Finally, I added 20 nops and generated the shellcode with msfvenom
Successful exploitation of these issues could allow attackers to obtain a remote shell on the system. |
|---|
| ソース | ⚠️ https://fitoxs.com/exploit/exploit-21232f297a57a5a743894a0e4a801fc3.txt |
|---|
| ユーザー | Fernando Mengali (UID 83791) |
|---|
| 送信 | 2025年04月07日 17:33 (12 月 ago) |
|---|
| モデレーション | 2025年04月16日 15:33 (9 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 305070 [PCMan FTP Server 2.0.7 DIR Command メモリ破損] |
|---|
| ポイント | 20 |
|---|