Blog
Aug 31, 2009
Microsoft IIS FTP 5.0 Remote SYSTEM Exploit
Microsoft IIS FTP 5.0 remote SYSTEM exploit video demonstration
OffSec Team
1 min read
A remote Microsoft FTP server exploit was released today by Kingcope, and can be found at http://milw0rm.com/exploits/9541, https://www.exploit-db.com/exploits/9541/
A quick examination of the exploit showed some fancy manipulations in a highly restrictive environment that lead to a”useradd” type payload. The main issue was the relatively small payload size allowed by the SITE command, which was limited to around 500 bytes.
After a bit of tinkering around, we saw that the PASSWORD field would be most suitable to shove a larger payload (bindshell). A quick replacement of the original “user add” shellcode with a secondary encoded egghunter – and a bind shell was presented to us!
The exploit can be downloaded from our exploit archive.
Cybersecurity leader resources
Sign up for the Secure Leader and get the latest info on industry trends, resources and best practices for security leaders every other week
Latest from OffSec
Insights
Empowering Women in Cybersecurity: How Education and Training Are Key
While women represent only 24% of the cybersecurity workforce, hands-on training is changing the game.
Feb 28, 2025
5 min read
Insights
Women in Cybersecurity Leadership: Inspiring Role Models at the Top
Celebrate Women’s History Month by recognizing the women shaping cybersecurity and driving innovation in the industry.
Feb 24, 2025
11 min read
Federal
Addressing the Unique Cybersecurity Challenges Faced by Government Agencies
Explore the unique cybersecurity challenges government agencies face and how tailored strategies can protect national security and public trust.
Feb 12, 2025
8 min read