Description: Good evening and welcome to a small demonstration of a buffer overflow in EasyFTP Server covered by OSVDB-62134.
I'll be using the Metasploit Framework and the windows/ftp/easyftp_cwd_fixret exploit. This will trigger the buffer overflow and cause the reverse connection to the attacking host.
The FTP server is hosted on port 21 of my trusty XPSP2 machine (10.50.60.115) and the attacking box is on (10.50.60.113).
The attacker will need valid credentials which I have set as the defaults, in Metasploit, for this software:
username - anonymous
password - anonymous
In my opinion any FTP server that has a default username and password, and even worse has the above default username and password, is useless and the developers should be strung up - but hey, that's IT for you!
d3m0n35
Tags: EasyFTP, Buffer overflow, metasploit, OSVDB-62134
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.