Blog
Aug 31, 2009
Microsoft IIS FTP 5.0 Remote SYSTEM Exploit
Microsoft IIS FTP 5.0 remote SYSTEM exploit video demonstration
1 min read
A remote Microsoft FTP server exploit was released today by Kingcope, and can be found at http://milw0rm.com/exploits/9541, https://www.exploit-db.com/exploits/9541/
A quick examination of the exploit showed some fancy manipulations in a highly restrictive environment that lead to a”useradd” type payload. The main issue was the relatively small payload size allowed by the SITE command, which was limited to around 500 bytes.
After a bit of tinkering around, we saw that the PASSWORD field would be most suitable to shove a larger payload (bindshell). A quick replacement of the original “user add” shellcode with a secondary encoded egghunter – and a bind shell was presented to us!
The exploit can be downloaded from our exploit archive.
Cybersecurity leader resources
Sign up for the Secure Leader and get the latest info on industry trends, resources and best practices for security leaders every other week
Latest from OffSec
Enterprise Security
The Role of Leadership in Cultivating a Resilient Cybersecurity Team
Learn about the role that leadership plays in cultivating a resilient cybersecurity team.
Sep 13, 2024
5 min read
Community Spotlight
Navigating the Leap: My Journey from Software Engineering to Offensive Security
A software engineer’s journey into offensive security, sharing insights and tips for transitioning careers and thriving in the infosec field.
Sep 13, 2024
17 min read
OffSec News
Become a Certified Threat Hunter with OffSec’s New Foundational Threat Hunting Course (TH-200)
Everything you need to know about OffSec’s new course and certification – TH:200 – Foundational Threat Hunting.
Sep 9, 2024
4 min read