Type : Tutorial
Level : Easy
Attacker O.S : Backtrack 5 R1
Victim O.S : Windows XP SP3
Vulnerable Application ScriptFTP <= 3.0
Exploit Credit : modpr0be
What is ScriptFTP? According to it's website
ScriptFTP is a FTP client designed to automate file transfers. It follows the commands written on a text file (also called script file) and makes the uploads or downloads automatically. ScriptFTP is a script-driven FTP client. It works like traditional FTP clients but does not require any user interaction while running, instead it works automatically using a text file which contains the actions ScriptFTP has to execute.
Okay that's the introduction, now let's start to try how this exploit work 🙂
2. Vulnerable ScriptFTP (Download link)
3. ScriptFTP Exploit
Attacker IP : 192.168.8.93
Victim IP : 192.168.8.91
1. Download the exploit and also download the vulnerable scriptFTP application from the link above(we won't hurt anyone else here).
2. In this scenario, the attacker(192.168.8.93) will act as an FTP server. We need to run the server by executing the exploit by running the following command python scriptFTP.py.
3. The next step we need to create the FTP script to be executed by FTP script application in victim side. You can view how to create the script from here but you also can view my script below and edit using notepad(or other text editor) and then save as .ftp extension.
4. When victim open the FTP script we create in step 3
5. We've got the shell 🙂
1. Until now I wrote this tutorial, the application status still zeroday(a.k.a no cure)
Hope it's useful 🙂