Getting RCE from web via ftp exploit


Mar 20, 2024 5 mins


Yo yo homies, I’m back. Yeah, this post is in a different category than my other posts (that’s why my banner template changed).

So first we need to talk about what FTP is and why we are using it.

What is FTP

The File Transfer Protocol is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network.

Aaaugh, too long bruh, so let’s simplify this.

So basically, FTP is a network protocol that transfers files between computers over a TCP/IP-based network.

So why do we use it for web applications?

Web apps don’t need FTP, but in some cases developers use FTP to maintain web apps.

OK, so I can give you a real-world scenario (generated by Gemini).

Now we need to learn how to manage an FTP connection, because we can’t attack an FTP server without knowing how FTP connections are managed.

How to manage an FTP connection

Okay, let’s see how we connect to the FTP server.

So First I’m scanning ports and

So now we know a little info about the server, and we found a jackpot (anonymous login for FTP).

So let’s log in to FTP as anonymous.

OK, let’s explore this, yeeeah.

So let’s see how we can deface a website with this (or at least get the website’s data).

Now we need to set up a lab to exploit.

Set up a lab to exploit

So I’m gonna make a simple PHP page that displays the images in a “folder”, and I’m uploading the images with FTP.

https://gist.github.com/isuk4s4/e5d170edfd10af4343b9f87909d02c0

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Image Gallery</title>
 <style>
body {
  font-family: Arial, sans-serif; 
  margin: 0;
  background-color: #222; 
  color: #fff; 
}

.gallery {
  display: flex;
  flex-wrap: wrap;
  justify-content: space-between;
  padding: 20px;
  max-width: 1000px;
  margin: 0 auto;
}

.gallery img {
  margin: 10px;
  width: 250px; 
  border-radius: 5px;
  transition: transform 0.3s ease-in-out;
}

.gallery img:hover {
  transform: scale(1.05); 
  box-shadow: 0 0 5px rgba(0, 0, 0, 0.3); 
}

h1 {
  text-align: center;
  margin-bottom: 20px;
  font-weight: 300;
  font-size: 2em;
  letter-spacing: 1px; 
  color: #ddd;
}


 </style>
</head>
<body>
  <h1>Image Gallery</h1>
  <div class="gallery">
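    <?php
      // Folder the FTP site uploads into; it is served by the web server.
      $images_dir = "gallery/";
      $allowed = ["jpg", "png", "gif", "webp"];

      if ($dir = opendir($images_dir)) {
        while (false !== ($file = readdir($dir))) {
          // Check the real (last) extension instead of a substring match,
          // so a name like "x.jpg.php" is not listed as an image.
          $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
          if (in_array($ext, $allowed, true)) {
            // Escape the file name before writing it into HTML attributes.
            $src = htmlspecialchars($images_dir . $file, ENT_QUOTES, 'UTF-8');
            $alt = htmlspecialchars($file, ENT_QUOTES, 'UTF-8');
            echo "<img src='" . $src . "' alt='" . $alt . "'>";
          }
        }
        closedir($dir);
      } else {
        echo "Error: Could not open image directory.";
      }
    ?>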
  </div>
</body>
</html>

And let’s set up the FTP server.

If you’re trying this on Linux, read this, ’cause I’m doing this on my Windows machine:

How to setup and configure an FTP server in Linux? - GeeksforGeeks

So let’s make the FTP server.

  • Go to Programs and Features and turn on these features
  • and press confirm
  • Now open IIS Manager and add an FTP site

Tap tap tap, oh wait, there is something important.

Yeeah, this is why we get vulnerable FTP servers (this is only one vuln; there are other vulns in some FTP servers).

  • Allow FTP through Windows Firewall

And let’s see.

Yeeah, now we’ve got our FTP server, so let’s exploit it.

So forget everything we know about this application and work through it from scratch, ’cause we made this lab and we already know how to exploit it.

Let’s enumerate this.

Enumeration

Yeeah, again “we got a jackpot”: it has anonymous login enabled.

So let’s log in.

OK, let’s upload a shell.

And all we need to do is upload this shell to the server.

So let’s check it.

We can’t see our shell in the gallery ’cause it only shows images, but the FTP folder sits inside the web root, so we can find the path from the browser.

Yeeah, there it is, our lil shell. Let’s open it and test it.

So this is it. But this is only one way to do it, and there is a lot more to FTP. GGS
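From the defender’s side, the same upload leaves a trail in the FTP log. The sketch below is an added example (not from the original post or its gist): it reads a W3C-style FTP log, tracks which sessions logged in as anonymous, and flags successful writes of server-executable files. The log lines are constructed, and the field names are an assumption based on the W3C layout IIS FTP logging writes; the parser takes the column order from the `#Fields:` header.

```python
import re

# Constructed sample. Field names are assumed (W3C-style, as IIS FTP logging
# writes them); the parser reads the column order from the #Fields header.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem sc-status x-session x-fullpath
2024-03-20 10:01:02 203.0.113.7 - 192.0.2.10 21 USER anonymous 331 s1 -
2024-03-20 10:01:03 203.0.113.7 - 192.0.2.10 21 PASS a@example.test 230 s1 /
2024-03-20 10:01:09 203.0.113.7 - 192.0.2.10 21 STOR cat.jpg 226 s1 /gallery/cat.jpg
2024-03-20 10:01:15 203.0.113.7 - 192.0.2.10 21 STOR view.jpg.php 226 s1 /gallery/view.jpg.php
2024-03-20 10:01:20 203.0.113.7 - 192.0.2.10 21 STOR notes.aspx 550 s1 /gallery/notes.aspx
2024-03-20 10:02:00 198.51.100.4 - 192.0.2.10 21 USER webadmin 331 s2 -
2024-03-20 10:02:01 198.51.100.4 webadmin 192.0.2.10 21 PASS *** 230 s2 /
2024-03-20 10:02:20 198.51.100.4 webadmin 192.0.2.10 21 STOR index.php 226 s2 /index.php
"""

WRITE_CMDS = {"STOR", "STOU", "APPE", "RNTO"}
# Extensions the web server may execute; extend for your handler mappings.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|asp|aspx|ashx|asmx)$", re.I)

def find_anonymous_script_uploads(log_text):
    """Return (date, time, client_ip, path) per successful anonymous script write."""
    fields, pending_user, anon_sessions, hits = [], {}, set(), []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # header defines column order
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        sid, cmd = row.get("x-session"), row.get("cs-method", "").upper()
        arg, status = row.get("cs-uri-stem", ""), row.get("sc-status", "")
        if cmd == "USER":
            pending_user[sid] = arg.lower()    # remember the name until PASS succeeds
        elif cmd == "PASS" and status == "230":
            if pending_user.get(sid) in ("anonymous", "ftp"):
                anon_sessions.add(sid)
            else:
                anon_sessions.discard(sid)     # session re-authenticated as a named user
        elif cmd in WRITE_CMDS and status.startswith("2") and sid in anon_sessions:
            full = row.get("x-fullpath", "-")
            path = arg if full == "-" else full
            if SCRIPT_EXT.search(path):        # last extension decides, so x.jpg.php counts
                hits.append((row.get("date"), row.get("time"), row.get("c-ip"), path))
    return hits

if __name__ == "__main__":
    print(find_anonymous_script_uploads(SAMPLE_LOG))
```

Any hit means an unauthenticated client could write executable content into a folder the site serves, which is the condition this lab was built around.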

echo "GGS!Ima Off";

end
