Hacking Windows XP SP3 via Script FTP Vulnerability


Type : Tutorial

Level : Easy

Attacker O.S : Backtrack 5 R1

Victim O.S : Windows XP SP3

Vulnerable Application : ScriptFTP <= 3.0

Exploit Credit : modpr0be

What is ScriptFTP? According to its website:

ScriptFTP is a FTP client designed to automate file transfers. It follows the commands written on a text file (also called script file) and makes the uploads or downloads automatically. ScriptFTP is a script-driven FTP client. It works like traditional FTP clients but does not require any user interaction while running, instead it works automatically using a text file which contains the actions ScriptFTP has to execute.

Okay, that's the introduction. Now let's see how this exploit works 🙂

Requirements :

1. Python

2. Vulnerable ScriptFTP (Download link)


3. ScriptFTP Exploit

download from mediafire.com

Step By Step :

Attacker IP :

Victim IP :

1. Download the exploit and the vulnerable ScriptFTP application from the link above (we won't hurt anyone else here).

2. In this scenario, the attacker will act as an FTP server. Start the server by running the exploit with the following command: python scriptFTP.py

3. Next, we need to create the FTP script that the ScriptFTP application will execute on the victim side. You can view how to create the script from here, but you can also view my script below, edit it using Notepad (or another text editor), and then save it with the .ftp extension.

4. The victim opens the FTP script we created in step 3.

5. We've got the shell 🙂

Countermeasure :

1. At the time of writing this tutorial, the application's status is still zero-day (a.k.a. no cure).

Hope it's useful 🙂

Blogger at hacking-tutorial.com. Love PHP, offensive security and web.
Contact him at me[-at-]vishnuvalentino.com

Visit Website : http://www.vishnuvalentino.com

  • jeetjan

    Hi bro, nice tutorial, you always rock. I'm back again; I was outside, that's why I was not able to mail you. Hope you will be fine. God bless you. Jeet jain

  • giogio

    I appreciate your work, but as a newbie, there is a lot of stuff I don't get. I am using Backtrack 5 and I cannot find the ScriptFTP app. I don't see the victim IP in your connect.ftp file.
    Does this exploit give me access to the C: of the victim?
    Thank you

  • joand

    When I try to do telnet (ip) port, I got the result: could not open to connection to host on port .122.x.x.x. 23 : connection failed
    As you can see, that port on that IP is open for telnet. What am I doing wrong?
    21  tcp open
    23 tcp open
    80 tcp open
    7547 tcp open
    That's the nmap port scanner result of the victim IP.

    • v4L

      It’s because the victim has a firewall installed or your username & password was wrong.