CVE-2010-2620
Published 2010-07-02
Priority P270 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 28.61% (97.9th percentile)
Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-ftpd | open-ftpd | <= 1.2 | — |
| open-ftpd | open-ftpd | — | — |
Detection & IOCs
- Alert on FTP banner matching '** Welcome on **' — the Metasploit module uses this exact string to fingerprint vulnerable Open-FTPD instances.
- Detect STOR of .exe files into C:\WINDOWS\system32\ followed by STOR of .mof files into C:\WINDOWS\system32\wbem\mof\ over FTP — this is the WMI-based code execution chain.
- The WMI MOF-based code execution technique (dropping .mof into wbem\mof\) only works on Windows versions prior to Vista; the exploit will not achieve code execution on Vista or later.
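The detection points above can be expressed as a per-session check over an FTP command transcript. This is an added example, not code from this page, Exploit-DB or Metasploit; the `<session> C|S: <text>` log format, the pre-login allowlist and the finding names are assumptions, and the sample transcript is constructed.

```python
import re
from collections import defaultdict

# Assumed allowlist of commands a client may send before login completes.
PRE_AUTH_OK = {"USER", "PASS", "ACCT", "QUIT", "FEAT", "SYST", "HELP", "NOOP", "AUTH"}
BANNER = "** Welcome on **"  # fingerprint string quoted on this page
EXE_DROP = re.compile(r"\\windows\\system32\\[^\\]+\.exe$", re.I)
MOF_DROP = re.compile(r"\\windows\\system32\\wbem\\mof\\[^\\]+\.mof$", re.I)

def analyze(lines):
    """Return {session: sorted findings} for transcript lines shaped like
    '<session> C|S: <text>' (C = client command, S = server reply)."""
    state = defaultdict(lambda: {"authed": False, "exe": False})
    findings = defaultdict(set)
    for raw in lines:
        m = re.match(r"(\S+) ([CS]): (.*)", raw.strip())
        if not m:
            continue
        sid, side, text = m.groups()
        st = state[sid]
        if side == "S":
            if text.startswith("220") and BANNER in text:
                findings[sid].add("open-ftpd-banner")
            elif text.startswith("230"):  # 230 = user logged in
                st["authed"] = True
            continue
        verb, _, arg = text.partition(" ")
        verb = verb.upper()
        if not st["authed"] and verb not in PRE_AUTH_OK:
            findings[sid].add("pre-auth-" + verb)  # command sent with no login
        if verb == "STOR":
            if EXE_DROP.search(arg):
                st["exe"] = True
            elif MOF_DROP.search(arg) and st["exe"]:
                findings[sid].add("exe-then-mof-drop")  # .exe then .mof upload
    return {sid: sorted(f) for sid, f in findings.items()}

# Constructed sample transcript (not captured traffic).
SAMPLE = [
    "s1 S: 220 ** Welcome on **", r"s1 C: STOR C:\WINDOWS\system32\sample.exe",
    "s1 S: 226 Transfer complete",
    r"s1 C: STOR C:\WINDOWS\system32\wbem\mof\sample.mof", "s1 S: 226 Transfer complete",
    "s2 S: 220 Service ready", "s2 C: USER alice",
    "s2 S: 331 Password required", "s2 C: PASS example-only",
    "s2 S: 230 Logged in", "s2 C: LIST",
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Session `s2` logs in before issuing `LIST` and produces no findings; session `s1` never logs in and trips all three checks.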
No detection rules found.
Exploit-DB
Open-FTPD 1.2 - Arbitrary File Upload (Metasploit)
exploitdb·2013-08-13
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 "Open-FTPD 1.2 Arbitrary File Upload",
'Description' => %q{
This module exploits multiple vulnerabilities found in Open&Compact FTP
server. The software contains an authentication bypass vulnerability and a
arbitrary file upload vulnerability that allows a remote attacker to write
arbitrary files to the file system as long as there is at least one user
who has permission.
Code execution can be achieved by first uploading the payload to the rem
Exploit-DB
(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Authentication Bypass / Directory Traversal SAM Retrieval
exploitdb·2013-08-07
---
#!/usr/bin/python
# Exploit Title: Open&Compact Ftp Server <= 1.2 Auth bypass & directory traversal sam retrieval
# Date: Aug 7, 2013
# By Wireghoul - http://www.justanotherhacker.com
# Based on Serge Gorbunov's auth bypass (http://www.exploit-db.com/exploits/13932/)
# Software Link: http://sourceforge.net/projects/open-ftpd/
# Version: <= 1.2
# Tested on: Windows 7, Windows XP SP3
# Abusing authentication bypass in combination with a directory traversal to grab
# the sam file for offline cracking
import ftplib
import os
# Connect to server
ftp = ftplib.FTP( "192.168.58.135" )
ftp.set_pasv( False )
# Note that we need no authentication at all!!
print ftp.sendcmd( 'CW
Exploit-DB
(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Full System Access
exploitdb·2010-06-18
---
# Exploit Title: Open&Compact Ftp Server <= 1.2 Full System Access
# Date: June 12, 2010
# Author: Serge Gorbunov
# Software Link: http://sourceforge.net/projects/open-ftpd/
# Version: <= 1.2
# Tested on: Windows 7, Windows XP SP3
#!/usr/bin/python
# Simply by omitting login process to the open ftp server it is possible
# to execute any command, including but not limited to: listing files,
# retrieving files, storing files.
# Below is an example of a few commands.
# If you want to test storing files with no authentication, create a
# test file and uncomment out line with ftp.storbinary function call.
# Any command will work as long as there is at least one user who has the permission
# to execute that command.
Metasploit
Open-FTPD 1.2 Arbitrary File Upload
metasploit
This module exploits multiple vulnerabilities found in Open&Compact FTP server. The software contains an authentication bypass vulnerability and an arbitrary file upload vulnerability that allows a remote attacker to write arbitrary files to the file system as long as there is at least one user who has permission. Code execution can be achieved by first uploading the payload to the remote machine as an exe file, and then uploading a mof file, which causes WMI (the Windows Management Instrumentation service) to execute the uploaded payload. Please note that this module currently only works for Windows before Vista.
No writeups or analysis indexed.