CVE-2006-6576

Golden FTP Server <1.92 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2006-6576. PoCs published by 1F98D, Metasploit, cd1zz & iglesiasgg, including Metasploit module exploits/windows/ftp/goldenftp_pass_bof.

AI-analyzed exploit summary: This exploit targets a buffer overflow in Golden FTP Server 4.70 during the authentication process. It uses an egg hunter technique to locate and execute shellcode, which is generated by msfvenom for a reverse TCP shell.

Description

Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later reported that 4.70 is also affected. NOTE: the USER vector is already covered by CVE-2005-0634.

Exploits (4)

exploitdb WORKING POC VERIFIED
by 1F98D · python · remote · windows
https://www.exploit-db.com/exploits/49629

This exploit targets a buffer overflow in Golden FTP Server 4.70 during the authentication process. It uses an egg hunter technique to locate and execute shellcode, which is generated by msfvenom for a reverse TCP shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Racy
Target: Golden FTP Server 4.70
No auth needed
Prerequisites: Network access to the target FTP server · Knowledge of the source IP address for buffer length calculation
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/17355

This is a Metasploit module exploiting a stack-based buffer overflow in GoldenFTP Server 4.70 via the PASS command. It delivers a payload to achieve remote code execution on Windows systems.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Golden FTP Server 4.70
No auth needed
Prerequisites: Network access to the target FTP service · Golden FTP Server 4.70 running on Windows
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by cd1zz & iglesiasgg · ruby · remote · windows
https://www.exploit-db.com/exploits/16036

This exploit targets a buffer overflow vulnerability in GoldenFTP Server 4.70 by sending a maliciously crafted PASS command. It includes a Metasploit-generated bind shell payload and requires knowledge of the target's subnet to determine the correct offset.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GoldenFTP Server 4.70
No auth needed
Prerequisites: knowledge of the target's subnet · GoldenFTP Server 4.70 running on the target · network connectivity to the target
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
by Craig Freyman, bannedit · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/goldenftp_pass_bof.rb

This Metasploit module exploits a stack buffer overflow in Golden FTP Server via the PASS command, leveraging a JMP ESI instruction to execute arbitrary payloads. It includes target-specific return addresses for various Windows XP service packs.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Golden FTP Server v4.70
No auth needed
Prerequisites: Golden FTP Server v4.70 with 'Show new connections' enabled · Network access to the FTP service
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45924
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4936
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23323
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45957
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/16036
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/161711/Golden-FTP-Server-4.70-Buffer-Overflow.html

Scores

EPSS 0.6681
EPSS Percentile 99.2%

Details

CWE: CWE-787
Status: published
Products (1): goldenftpserver/golden_ftp_server 1.92
Published: Dec 15, 2006
Tracked Since: Feb 18, 2026