NattiSamson / Serv-U-CVE-2021-35211

Simple Serv-U CVE-2021-35211 PoC

how to use this poc? #1

Open DarkFunct opened 3 years ago

DarkFunct commented 3 years ago

Hi, can you tell me, how to use this poc?

thx, buddies.

NattiSamson commented 3 years ago

First, install the vulnerable version of Serv-U (I used version 15.2.3), which can be found here (https://downloads.solarwinds.com/solarwinds/Release/SU/15.2.3/SU-FTP-Server-Windows-v15.2.3.zip).

Then run the Serv-U console and create a domain from the domain wizard. This step will enable the FTP feature of the Serv-U process.

After successfully creating the domain, run the WinDbg (x64) debugger, then attach to the Serv-U.exe process.

Finally, run the Python script.

Note: The success rate to control RIP is very low, so you must run the script multiple times. When RIP is controlled, you will see the following code in WinDbg:

    call qword ptr [rbx+10h] ds:000001d7`a0098710=4141414141414141

DarkFunct commented 3 years ago

Okay, thx very much for your reply.