Dec 22, 2010 There has been some discussion around publicly posted PoC code that exploits a vulnerability in IIS FTP 7.5, which ships with Windows 7 and Windows Server 2008 R2. Our engineering team is looking into the situation and has made a few preliminary observations that might clear up some confusion. We’ve observed three notable characteristics. Assessing an IIS FTP 7.5 Unauthenticated.

MS09-053 Microsoft IIS FTP Server NLST Response Overflow: This module exploits a stack buffer overflow flaw in the Microsoft IIS FTP service. The flaw is triggered when a special NLST argument is passed while the session has changed into a long directory path.

Select the Index tab, and then type ftp utility. In the list box, double-click the ftp utility entry. For a list of all FTP commands, double-click the (untitled #0) entry. For a list of parameters available when starting the ftp utility, double-click the (untitled #0) entry.

Searching Metasploit for Windows FTP exploits revealed MS09-053, a buffer overflow which can lead to remote code execution.
Today we are sharing tips and tricks on FTP attacks and security through FTP penetration testing, which will help you secure your server against any kind of FTP attack.
FTP stands for File Transfer Protocol. It is used to transfer computer files such as documents, PDFs and multimedia between a client and a server on a computer network via port 21. Port 21 is the default port that is opened when FTP is activated for sharing data.
Let’s start!!
Install & Configure FTP Server on Windows 7
First, we are going to set up the FTP server on our Windows 7 machine to share files on a LAN. To do that, open Control Panel > Programs > Programs and Features > Turn Windows features on or off, as shown below.
Here, expand Internet Information Services and check the FTP Server option.
Also, ensure that FTP Extensibility and FTP Service are both checked as shown below and click OK to begin Installation.
This installs IIS and the FTP Service Manager. Be patient, as it might take some time.
Configure FTP Site in IIS
To open IIS, open Control Panel, select System and Security, and then open Administrative Tools. In Administrative Tools you will find IIS Manager, as shown below; open it.
The Internet Information Services (IIS) Manager window will come up. Right-click Sites in the left panel under Connections and select Add FTP Site.
This will open a new window as shown below.
Enter a name of your choice for the FTP site; in the given image we used ignite.
Enter the path to the FTP folder you want to use to send and receive files. In our case, we created a folder named ftp at C:\ftp.
And click next.
Under Binding and SSL Settings, bind the server to our IPv4 address by applying the following settings, then click Next.
- Enter IP:192.168.1.128 and Port: 21.
- Enable the checkbox for Start FTP site automatically
- In SSL option select No SSL and click next.
Apply the following settings under Authentication and Authorization for your FTP site, and then click Finish.
Authentication: Basic
Authorization: specific users (pc7)
Permission: read and write
From the given image, you can see that we have successfully configured an FTP server for Ignite. Now let’s try to connect to it for sharing files.
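The site configured above uses Basic authentication with No SSL, so a useful defensive check is what the service on port 21 reveals and whether it offers explicit TLS. The following is an added example, not code from the original article: `feat_features`, `audit` and `probe` are hypothetical helper names, and both sample replies are constructed, not captured from a real host.

```python
import re
from ftplib import FTP, error_perm

# Constructed samples (greeting, FEAT reply); not captured from a real host.
SAMPLE_PLAIN = ("220 Microsoft FTP Service", "211-Features:\n UTF8\n SIZE\n211 End")
SAMPLE_TLS = ("220 FTP ready", "211-Features:\n AUTH TLS\n PBSZ\n PROT\n211 End")

PRODUCTS = re.compile(r"microsoft|vsftpd|proftpd|filezilla|pure-ftpd", re.I)

def feat_features(feat_reply):
    """Feature lines of a FEAT reply (RFC 2389): each starts with one space."""
    return [ln.strip().upper() for ln in feat_reply.splitlines() if ln.startswith(" ")]

def audit(banner, feat_reply):
    """Return a list of findings for a 220 greeting and a FEAT reply."""
    findings = []
    feats = feat_features(feat_reply)
    if not any(f.startswith("AUTH") and "TLS" in f for f in feats):
        findings.append("AUTH TLS not advertised: logins and files travel in cleartext")
    text = banner[4:]  # drop the "220 " reply code
    if PRODUCTS.search(text):
        findings.append("banner names the server product")
    if re.search(r"\d+\.\d+", text):
        findings.append("banner discloses a version number")
    return findings

def probe(host, port=21, timeout=5):
    """Fetch greeting and FEAT reply from a server you administer (no login)."""
    ftp = FTP()
    banner = ftp.connect(host, port, timeout=timeout)
    try:
        feat = ftp.sendcmd("FEAT")
    except error_perm:  # 5xx reply: server does not implement FEAT
        feat = ""
    finally:
        ftp.close()
    return banner, feat

if __name__ == "__main__":
    for name, sample in (("plain", SAMPLE_PLAIN), ("tls", SAMPLE_TLS)):
        print(name, audit(*sample))
```

An advertised `AUTH TLS` only shows that encryption is available; a server can list it and still accept plaintext logins, so confirm in the site's SSL settings that encryption is required.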
Scanning FTP with nmap
An attacker may use nmap to verify whether port 21 is open. For FTP penetration testing, we also use nmap to scan the target system (192.168.1.128) for an open FTP port.
If the file transfer service is reachable, nmap will show the state of port 21 as open, as shown in the given image.
Connect client to FTP Server through WinSCP
WinSCP is free software that can be used to access the FTP server. You can download it from here.
- Protocol to: FTP
- Encryption To: No Encryption
- Hostname: IP of the FTP Server
- Port: 21
- Username and Password: Windows login credentials of the user.
Click on Login.
As you can see I have successfully connected to my FTP server which has a file called demo.txt.
Version Enumeration on FTP
Now, let’s try to get the FTP version through ftp_version on Metasploit.
Open a terminal in Kali Linux, load the Metasploit Framework, and type the following command to scan for the FTP version.