Hacking Windows XP SP3 via Script FTP Vulnerability

Type : Tutorial

Level : Easy

Attacker O.S : Backtrack 5 R1

Victim O.S : Windows XP SP3

Vulnerable Application ScriptFTP <= 3.0

Exploit Credit : modpr0be

What is ScriptFTP? According to it's website

ScriptFTP is a FTP client designed to automate file transfers. It follows the commands written on a text file (also called script file) and makes the uploads or downloads automatically. ScriptFTP is a script-driven FTP client. It works like traditional FTP clients but does not require any user interaction while running, instead it works automatically using a text file which contains the actions ScriptFTP has to execute.

Okay that's the introduction, now let's start to try how this exploit work 🙂

Requirements :

1. Python

2. Vulnerable ScriptFTP (Download link)

mediafire.com

3. ScriptFTP Exploit

download from mediafire.com

Step By Step :

Attacker IP : 192.168.8.93

Victim IP : 192.168.8.91

1. Download the exploit and also download the vulnerable scriptFTP application from the link above(we won't hurt anyone else here).

2. In this scenario, the attacker(192.168.8.93) will act as an FTP server. We need to run the server by executing the exploit by running the following command python scriptFTP.py.

3. The next step we need to create the FTP script to be executed by FTP script application in victim side. You can view how to create the script from here but you also can view my script below and edit using notepad(or other text editor) and then save as .ftp extension.

4. When victim open the FTP script we create in step 3

5. We've got the shell 🙂

Countermeasure :

1. Until now I wrote this tutorial, the application status still zeroday(a.k.a no cure)

Hope it's useful 🙂

Subscribe Now To Get Latest Hacking Tutorial on Your E-Mail

Share this article if you found it was useful: