| タイトル | FreeFloat FTP Server 1.0.0 Buffer Overflow |
|---|
| 説明 | This technique works well against Windows XP Professional Service Pack 2 and 3.
This exploitation test was performed on a 32-bit Freefloat FTP server version 1.0.
For this exploit, I tried several strategies to increase the reliability of the Poc - Proof Of Concept.
Sending an excessive amount of data through the "APPEND" command, the application crashes, indicating the Buffer Overflow condition.
Then, the offset amount was identified by using msf-pattern_create -l 1000
And then by using msf-pattern_offset -q to discover the offset amount.
After discovering the offset amount, it was necessary to adjust the data in the stack.
To advance in the exploit, mona was used, together with the command !mona jmp -r esp -n to discover a JMP ESP address, in this case it was 0x7c86467b.
Then I used the removal of the main badchars: 0x00\0x0a\0x0d I did not perform a search for badchars through bytearray, because I already knew the environment I was working in.
Finally, I added 20 nops and generated the shellcode with msfvenom
Successful exploitation of these issues could allow attackers to obtain a remote shell on the system |
|---|
| ソース | ⚠️ https://fitoxs.com/exploit/e837c056f1ced605a9574541c7bf9861982bbf52ac5da3a5c5b637dbbadb49b7-exploit.txt |
|---|
| ユーザー | Fernando Mengali (UID 83791) |
|---|
| 送信 | 2025年05月20日 02:55 (11 月 ago) |
|---|
| モデレーション | 2025年05月21日 15:28 (2 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 309868 [FreeFloat FTP Server 1.0 APPEND Command メモリ破損] |
|---|
| ポイント | 20 |
|---|