FTP Example

Microsoft IIS FTP 5.0 Remote SYSTEM Exploit

Microsoft IIS FTP remote exploit

A remote Microsoft FTP server exploit was released today by Kingcope, and can be found at http://milw0rm.com/exploits/9541, https://www.exploit-db.com/exploits/9541/

A quick examination of the exploit showed some fancy manipulations in a highly restrictive environment that lead to a”useradd” type payload. The main issue was the relatively small payload size allowed by the SITE command, which was limited to around 500 bytes.

After a bit of tinkering around, we saw that the PASSWORD field would be most suitable to shove a larger payload (bindshell). A quick replacement of the original “user add” shellcode with a secondary encoded egghunter – and a bind shell was presented to us!

The exploit can be downloaded from our exploit archive.

ALL NEW FOR 2020

All new 2020 update for PWK!

Penetration Testing with Kali Linux (PWK)

2X THE CONTENT
33% MORE LAB MACHINES

Earn your OSCP

FOLLOW US ON TWITTER:

@offsectraining

@kalilinux

@exploitdb