New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ayukov NFTP FTP Client < 2.0 Remote Buffer Overflow #9360
Conversation
I am not getting a session from the exploit. It looks like there is something wrong with the payload... looking into it. |
This time testing from a different network works:
|
Trying out a different network still works for me. Well, that was spooky:
|
I think I figured out why I was seeing that problem. You might have a bad char somewhere. I'll try to find it. |
OK, I think I've fixed it. Turns out you are missing a
I'll be landing this now. Thanks @DanielRTeixeira |
Release NotesThis module exploits a buffer overflow vulnerability against Ayukov NFTP FTP Client. By responding the SYST request with a long string of data, a malicious server may cause a stack buffer overflow condition on the client, and result in arbitrary remote code execution. |
This PR adds a module to exploit a remote buffer overflow in the Ayukov NFTP FTP Client.
Tested on: Windows XP Professional SP3 EN x86
Verification
List the steps needed to make sure this thing works
msfconsole
use exploit/windows/ftp/ayukov_nftp
Example