关联漏洞
Description
simple Python exploit using CVE-2018-7449 on embOS/IP FTP Server v3.22
介绍
<h1 align = "center"> CVE-2018-7449</h1>
<img src="img/banner.png" >
## 1. Introduction
My tool is written in Python and exploits the CVE-2018-7449 vulnerability to execute a series of commands that will crash the ftp daemon.
<pre>
<b> *** DISCLAIMER!!! ***</b>
Please note that the use of hacking tools without authorization is illegal and
could result in legal problems. Therefore, it is important to use this tool
only for testing purposes on systems where you have permission to act.
</pre>
## 2. conditions to exploit this vulnerability
- firewall disabled or compromised
- the attacker must know the username and password of an ftp account
- ftp passwords travel unencrypted and could be sniffed
## 3. help use
<img src="img/screenHelper.png" >
## 4. source from which I took inspiration:
[SEGGER embOS/IP FTP Server 3.22 - Denial of Service - Windows dos Exploit](https://www.exploit-db.com/exploits/44221)
文件快照
[4.0K] /data/pocs/ab48aa76d49b459a7968c0b1d6c86fc132a586b9
├── [1.2K] exploitFTPModule.py
├── [4.0K] img
│ ├── [ 63K] banner.png
│ └── [106K] screenHelper.png
├── [ 34K] LICENSE
├── [ 933] README.md
└── [2.3K] run-exploit.py
1 directory, 6 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。