| Título | FreeFloat FTP Server 1.0.0 Buffer Overflow |
|---|
| Descrição | This technique works well against Windows XP Professional Service Pack 2 and 3.
This exploitation test was performed on a 32-bit Freefloat FTP server version 1.0.
For this exploit, I tried several strategies to increase the reliability of the Poc - Proof Of Concept.
Sending an excessive amount of data through the "APPEND" command, the application crashes, indicating the Buffer Overflow condition.
Then, the offset amount was identified by using msf-pattern_create -l 1000
And then by using msf-pattern_offset -q to discover the offset amount.
After discovering the offset amount, it was necessary to adjust the data in the stack.
To advance in the exploit, mona was used, together with the command !mona jmp -r esp -n to discover a JMP ESP address, in this case it was 0x7c86467b.
Then I used the removal of the main badchars: 0x00\0x0a\0x0d I did not perform a search for badchars through bytearray, because I already knew the environment I was working in.
Finally, I added 20 nops and generated the shellcode with msfvenom
Successful exploitation of these issues could allow attackers to obtain a remote shell on the system |
|---|
| Fonte | ⚠️ https://fitoxs.com/exploit/e837c056f1ced605a9574541c7bf9861982bbf52ac5da3a5c5b637dbbadb49b7-exploit.txt |
|---|
| Utilizador | Fernando Mengali (UID 83791) |
|---|
| Submissão | 20/05/2025 02h55 (há 11 meses) |
|---|
| Moderação | 21/05/2025 15h28 (2 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 309868 [FreeFloat FTP Server 1.0 APPEND Command Excesso de tampão] |
|---|
| Pontos | 20 |
|---|