FTP2RCE

March 01, 2021

7.4k

FTP2RCE

Server-side request forgery via ftp account

https://medium.com/@knownsec404team/rce-exploits-of-redis-based-on-master-slave-replication-ef7a664ce1d0
https://2018.zeronights.ru/wp-content/uploads/materials/15-redis-post-exploitation.pdf
https://www.ambionics.io/blog/laravel-debug-rce
https://github.com/tarunkant/Gopherus
https://github.com/dfyz/ctf-writeups/tree/master/hxp-2020/resonator

Bo0oM

March 01, 2021

Tweet

More Decks by Bo0oM

See All by Bo0oM

Носок на сок

0

1.1k

Выйди и зайди нормально

0

44

Защита от вредоносной автоматизации сегодня

0

550

Defending against automatization using nginx

0

800

Antibot pitch deck

0

130

0

160

Your back is white

0

330

0

1.1k

At Home Among Strangers

1

3.8k

Other Decks in Programming

See All in Programming

Cline with Amazon Bedrockで爆速開発体験ハンズオン/ 株式会社ブリューアス登壇資料

0

110

State of Namespace

5

2.4k

mercury_dev0517

2

220

2ヶ月で生産性2倍、お買い物アプリ「カウシェ」4チーム同時改善の取り組み

1

110

個人開発の学生アプリが企業譲渡されるまで

2

1.1k

Browser and UI #2 HTML/ARIA

2

170

Empowering Developers with HTML-Aware ERB Tooling @ RubyKaigi 2025, Matsuyama, Ehime

2

940

読書シェア会 vol.4 『ダイナミックリチーミング第2版』

0

110

大LLM時代にこの先生きのこるには-ITエンジニア編

7

3.3k

[NG India] Event-Based State Management with NgRx SignalStore

markostanimirovic

1

190

The Implementations of Advanced LR Parser Algorithm

1

1.3k

UMAPをざっくりと理解 / Overview of UMAP

3

1.4k

Featured

See All Featured

Automating Front-end Workflow

1370

200k

Evolution of real-time – Irina Nazarova, EuRuKo, 2024

8

690

Why You Should Never Use an ORM

56

9.3k

10 Git Anti Patterns You Should be Aware of

656

60k

184

16k

A Tale of Four Properties

158

23k

The Straight Up "How To Draw Better" Workshop

233

140k

RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub

137

33k

Building Flexible Design Systems

yeseniaperezcruz

329

39k

Into the Great Unknown - MozCon

38

1.7k

CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again

160

15k

Designing Dashboards & Data Visualisations in Web Apps

231

53k

Transcript

Anton “Bo0oM” Lopanitsyn FTP2RCE
None
None
FTP - Active mode Command channel Data channel Port 21
Client’s port Client’s port
PORT 95,213,200,115,31,144 31*256+144 95.213.200.115
None
127.0.0.1:8080, OK What about redis?
https://medium.com/@knownsec404team/rce-exploits-of-redis-based-on-master-slave-replication-ef7a664ce1d0 https://2018.zeronights.ru/wp-content/uploads/materials/15-redis-post-exploitation.pdf
FTP - Passive mode Command channel Data channel Port 21
Random port Random port
None
A simple example of vulnerable code
1. PHP establishes an FTP connection $contents = fi le_get_contents($f);
2. FakeFTP gives a port with a payload for passive mode 3. Receiving a payload from socket and save to $contents 4. PHP comes to the FTP again. FakeFTP says ok, let's save your fi le using passive mode  fi le_put_contents($f, $contents); 5. As a socket for passive mode puts the internal FastCGI port. The payload makes RCE
Into the Wild CVE-2021-3129 https://www.ambionics.io/blog/laravel-debug-rce
https://github.com/tarunkant/Gopherus https://github.com/dfyz/ctf-writeups/tree/master/hxp-2020/resonator
? • https://twitter.com/i_bo0om • https://t.me/webpwn