ComputerSecurityStudent (CSS) [Login] [Join Now]




|WINDOWS >> Damn Vulnerable Windows >> WXP-SP2 IE6 >> Current Page |Views: 5024

(Damn Vulnerable Windows XP: Lesson 6)

{ How to setup the TFTPD32 Long Filename Buffer Overflow }


Section 0. Background Information
  1. What is Damn Vulnerable Windows XP?
    • This is a Windows XP Virtual Machine that provides a practice environment to conduct ethical penetration testing, vulnerability assessment, exploitation and forensics investigation.
    • The Microsoft Software License Terms for the IE VMs are included in the release notes.
    • By downloading and using this software, you agree to these license terms.

  2. What is TFTP?
    • Trivial File Transfer Protocol (TFTP) is a simple, lock-step, File Transfer Protocol which allows a client to get from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area network. TFTP has been used for this application because it is very simple to implement.
     
  3. What is the TFTPDWIN v0.4.2 Long Filename Buffer Overflow Exploit?
    • The CVE Vulnerability number is CVE-2006-4948.
    • Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name.

  4. Implementing the CVE-2011-0609 with UltraVNC
    • The following lesson will show you how to configure UltraVNC.
    • The Post-Requisite Lesson will show you how to illustrate the exploit.

  5. Pre-Requisite
  6. Post-Requisite
  7. Lab Notes
    • In this lab we will do the following:
      1. Download TFTPDWIN v0.4.2
      2. Install TFTPDWIN v0.4.2
     
  8. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2015 No content replication of any kind is allowed without express written permission.

 

Section 1: Log into Damn Vulnerable WXP-SP2
  1. Open VMware Player on your windows machine.
    • Instructions:
      1. Click the Start Button
      2. Type "vmware player" in the search box
      3. Click on VMware Player

     

  2. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Edit Virtual Machine Settings
    • Note:
      • Before beginning a lesson it is necessary to check the following VM settings.

     

  3. Set Network Adapter
    • Instructions:
      1. Click on Network Adapter
      2. Click on the radio button "Bridged: Connected directly to the physical network".
      3. Click the OK Button

     

  4. Start Up Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Start Up your VMware Player
      2. Play virtual machine

     

  5. Logging into Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Click on Administrator
      2. Password: Supply Password
        •  (See Note)
      3. Press <Enter> or Click the Arrow
    • Note(FYI):
      1. Password was created in (Lab 1, Section 1, Step 8)

     

  6. Open the Command Prompt
    • Instructions:
      1. Click the Start Button
      2. All Programs --> Accessories --> Command Prompt

     

  7. Obtain Damn Vulnerable WXP-SP2's IP Address
    • Instructions:
      1. ipconfig
      2. Record Your IP Address
    • Note(FYI):
      • In my case, Damn Vulnerable WXP-SP2's IP Address 192.168.1.116.
      • This is the IP Address of the Victim Machine.

 

Section 2: Install TFTPD32
  1. Open Firefox
    • Instructions:
      1. Click the Start Button
      2. All Programs --> Mozilla Firefox

     

  2. Download tftpdwin (Part 1)
    • Instructions:
      1. Navigate to the following URL
        • https://www.exploit-db.com/apps/634fc07c22568e72ce981ce7535ee357-tftpdwin.zip
      2. Click the Save File Radio Button

     

  3. Download tftpdwin (Part 2)
    • Instructions:
      1. Navigate to Desktop --> My Documents --> Downloads
      2. Click the Save Button

     

  4. Open Download Folder
    • Instructions:
      1. Tools --> Downloads
      2. Right Click on tftpdwin.zip
      3. Click on Open Containing Folder

     

  5. Open tftpdwin.zip
    • Instructions:
      1. Right Click on *tftpdwin.zip
      2. Click Open

     

  6. Open tftpdwin.exe
    • Instructions:
      1. Right Click on *tftpdwin.exe
      2. Click Open

     

  7. Open File - Security Warning
    • Instructions:
      1. Click the Run Button

     

  8. Setup - TFTP Server TFTPDWIN
    • Instructions:
      1. Click the Next Button

     

  9. Setup - TFTP Server TFTPDWIN (License Agreement)
    • Instructions:
      1. Click I accept the agreement
      2. Click the Next Button

     

  10. Setup - TFTP Server TFTPDWIN (Select Destination Location)
    • Instructions:
      1. Take the default destination location.
      2. Click the Next Button

     

  11. Setup - TFTP Server TFTPDWIN (Select Start Menu Folder)
    • Instructions:
      1. Take the default folder name.
      2. Click the Next Button

     

  12. Setup - TFTP Server TFTPDWIN (Select Additional Tasks)
    • Note(FYI):
      1. Creating a desktop icon is optional... Clutter Free IMHO :-)
    • Instructions:
      1. Click the Next Button

     

  13. Setup - TFTP Server TFTPDWIN (How to start the program)
    • Note(FYI):
      1. Never start up a service until you securely configured it.
      2. Consequently, this is a Damn Vulnerable Machine and security is a moot point in this case.
    • Instructions:
      1. Check Start TFTP Server TFTPDWIN automatically
      2. Click the Next Button

     

  14. Setup - TFTP Server TFTPDWIN (Ready to Install)
    • Instructions:
      1. Click the Install Button

     

  15. Setup - TFTP Server TFTPDWIN (Launch TftpdWin)
    • Instructions:
      1. Check Launch TftpdWin
      2. Click the Finish Button

     

  16. Verify Installation
    • Instructions:
      1. You should see that the TFTPDWIN application is open
      2. Verify that TFTPD is located in the lower left tray

     

Section 3: Proof of Lab
  1. Open the Command Prompt
    • Instructions:
      1. Click the Start Button
      2. All Programs --> Accessories --> Command Prompt

     

  2. Proof of Lab
    • Instructions:
      1. dir "C:\Program Files" | find /i "tftp"
      2. tasklist | findstr "tftp"
      3. netstat -nao | findstr ":69"
      4. date /t
      5. echo "Your Name"
        • Put in your actual name in place of "Your Name"
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press the <Ctrl> and <Alt> key at the same time.
      2. Press the <PrtScn> key.
      3. Paste into a word document
      4. Upload to Moodle


Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth