CVE-2018-7449 PoC: SEGGER embOS/IP FTP Server Security Vulnerability

Source
Associated Vulnerability
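Title: SEGGER embOS/IP FTP Server Security Vulnerability (CVE-2018-7449)
Description: SEGGER embOS/IP FTP Server is an FTP server from the German company SEGGER Microcontroller. A security vulnerability exists in SEGGER embOS/IP FTP Server version 3.22. A remote attacker can exploit it to cause a denial of service (daemon crash) by sending an invalid LIST, STOR, or RETR command.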
Description
Simple Python exploit using CVE-2018-7449 on embOS/IP FTP Server v3.22
Readme
<h1 align = "center"> CVE-2018-7449</h1>
<img src="img/banner.png" >



## 1. Introduction

My tool is written in Python and exploits the CVE-2018-7449 vulnerability to execute a series of commands that will crash the FTP daemon.
<pre>
	<b> *** DISCLAIMER!!! ***</b>
	Please note that the use of hacking tools without authorization is illegal and 
	could result in legal problems. Therefore, it is important to use this tool
	only for testing purposes on systems where you have permission to act.
</pre>
## 2. Conditions to exploit this vulnerability

- The firewall is disabled or compromised.

- The attacker must know the username and password of an FTP account.

- FTP passwords travel unencrypted and could be sniffed.
  
## 3. Usage help
<img src="img/screenHelper.png" >  

## 4. Source from which I took inspiration:

[SEGGER embOS/IP FTP Server 3.22 - Denial of Service - Windows dos Exploit](https://www.exploit-db.com/exploits/44221)
File Snapshot

[4.0K] /data/pocs/ab48aa76d49b459a7968c0b1d6c86fc132a586b9
├── [1.2K] exploitFTPModule.py
├── [4.0K] img
│   ├── [ 63K] banner.png
│   └── [106K] screenHelper.png
├── [ 34K] LICENSE
├── [ 933] README.md
└── [2.3K] run-exploit.py

1 directory, 6 files