Disclaimer: This blog is for educational purposes only!!!

In this blog we will exploit the FileZilla server and its FTP service. FileZilla Server allows users to upload and download files from a server. The user connects to FileZilla Server with a client application and sends commands to receive, send and delete files, as well as to create and remove directories on the server.

Please note that we are using old and vulnerable server or application versions for demonstration/practical purposes.

We have installed and configured FileZilla Server in a Windows 7 VirtualBox machine.

We had already scanned the Windows 7 VirtualBox machine with the Nmap tool from a Kali Linux machine, which told us that FileZilla Server and the FTP protocol are present.

We searched for an FTP exploit in the Metasploit Framework and found one exploit for Windows 7 which performs a DoS (denial-of-service) attack on the FTP server. We then typed the command "show options" and set all the options required to run it.

Finally, we can type the command "exploit" to start exploiting the service.

We have successfully exploited FileZilla Server, as shown in the screenshot below. FileZilla Server stopped working and displayed some unknown text. This is a DoS attack.

How to Prevent:

  • Update FileZilla Server to the latest version.
  • Enable FTP over TLS.
  • Enable Network Level Authentication on the system.
  • Properly configure the port numbers in the firewall.
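As an added defender-side check (not part of the original post), the following Python script connects to a FileZilla Server you administer, reads its greeting banner, and reports whether the FEAT reply advertises explicit FTP over TLS (AUTH TLS plus PROT), which is what the second prevention item requires. The sample replies are constructed, and the host name in the usage line is an assumption.

```python
import re
import socket

# Constructed sample replies (not captured from a real server) so the parsing
# functions can be exercised offline.
SAMPLE_BANNER = "220-FileZilla Server (constructed example)\r\n220 Please visit https://filezilla-project.org/\r\n"
SAMPLE_FEAT_TLS = ("211-Features:\r\n MDTM\r\n REST STREAM\r\n SIZE\r\n MLST type*;size*;modify*;\r\n"
                   " MLSD\r\n AUTH SSL\r\n AUTH TLS\r\n PBSZ\r\n PROT\r\n UTF8\r\n211 End\r\n")
SAMPLE_FEAT_PLAIN = "211-Features:\r\n MDTM\r\n SIZE\r\n UTF8\r\n211 End\r\n"

def parse_feat(reply: str) -> set:
    """Feature lines of a FEAT reply (RFC 2389) are indented by one space;
    the '211-' / '211 ' framing lines are not features."""
    return {line.strip().upper() for line in reply.splitlines() if line.startswith(" ")}

def explicit_tls_advertised(features: set) -> bool:
    """'FTP over TLS' on the wire means the server offers AUTH TLS (or the
    legacy AUTH SSL) and PROT so the data channel can be protected too."""
    auth_ok = any(f.split() == ["AUTH", m] for f in features for m in ("TLS", "SSL"))
    return auth_ok and "PROT" in features

def assess(banner: str, feat: str) -> dict:
    """Turn the raw greeting and FEAT reply into a small findings record."""
    tls = explicit_tls_advertised(parse_feat(feat))
    findings = [] if tls else ["explicit FTP over TLS (AUTH TLS + PROT) not advertised; enable it"]
    return {"banner": banner.splitlines()[0] if banner else "", "explicit_tls": tls, "findings": findings}

def read_reply(sock: socket.socket) -> str:
    """Read one FTP reply; a reply ends at a line that starts with 'NNN ' (code, space)."""
    buf = b""
    while not re.search(rb"(?m)^\d{3} .*\r\n", buf):
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf.decode("utf-8", errors="replace")

def probe(host: str, port: int = 21, timeout: float = 5.0) -> dict:
    """Live check against a server you administer (host is an assumption)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        banner = read_reply(s)
        s.sendall(b"FEAT\r\n")
        feat = read_reply(s)
        s.sendall(b"QUIT\r\n")
    return assess(banner, feat)

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_FEAT_TLS))   # offline run on the constructed samples
    # print(probe("ftp.example.internal"))           # live run against your own server
```

A server that does not advertise AUTH TLS and PROT still accepts plaintext logins, so the check is worth re-running after the TLS setting is changed.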
