FTP server exploitation


(Denis Muhic) #1

Hi there,
I have the following problem. I am trying to exploit easyfile FTP server and I am considering an NSEH/SEH approach to the exploit.
I am on a Windows 10 box, where Kali 2.2018 is running in a virtual machine.
The problem is that just after SEH there are some, maybe 4, null bytes on the stack and I cannot just jump over them with “\xeb\x06\x90\x90”.
Here is a picture:
[Image: Capture]

So what can I do?

Thanks in advance,
looking forward,

Denis.


#2

Double-check the badchars, SEH, shellcode and try it without any AV.
Is your listener running? Right listening port?

You should understand exactly how the stack is filled. Do not speculate. Be sure.
Set a breakpoint and follow the ESP in dump step by step and take a closer look at how the bytes will be changed.
Keep trying!

