(Damn Vulnerable Windows XP: Lesson 9)

{ How to setup the PCMan's FTP Server 2.0.7 Buffer Overflow }

Section 0. Background Information

What is Damn Vulnerable Windows XP?
- This is a Windows XP Virtual Machine that provides a practice environment to conduct ethical penetration testing, vulnerability assessment, exploitation and forensics investigation.
- The Microsoft Software License Terms for the IE VMs are included in the release notes.
- By downloading and using this software, you agree to these license terms.
What is PCMan FTP Server?
- PCMan's FTP Server is a free software mainly designed for beginners not familiar with how to set up a basic FTP. Configuration is made very easy. Consequently, functionality and security are not major concerns. Accordingly, the following exploit (CVE-2013-4730) exists.
What is the PCMan FTP Server 2.0.7 Buffer Overflow Exploit?
- The CVE Vulnerability number is CVE-2013-4730.
- Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
Implementing the CVE-2013-4730 with PCMan FTP Server 2.0.7
- The following lesson will show you how to down, install and run PCMan.
- The Post-Requisite Lesson will show you how to illustrate the exploit.
Pre-Requisite
- Damn Vulnerable Windows XP: Lesson 1: How to create a Damn Vulnerable Windows XP Machine
Post-Requisite
- Buffer Overflow: Lesson 1: PCMan's FTP Server 2.0.7 Buffer Overflow Explained
Lab Notes
- In this lab we will do the following:
  1. Download PCMan FTP Server 2.0.7
  2. Install PCMan FTP Server 2.0.7
Legal Disclaimer
- As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
- In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
- In addition, this is a teaching website that does not condone malicious behavior of any kind.
- You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
- © 2016 No content replication of any kind is allowed without express written permission.

Section 1: Log into Damn Vulnerable WXP-SP2

Open VMware Player on your windows machine.
- Instructions:
  1. Click the Start Button
  2. Type "vmware player" in the search box
  3. Click on VMware Player
Edit Virtual Machine Settings
- Instructions:
  1. Click on Damn Vulnerable WXP-SP2
  2. Edit Virtual Machine Settings
- Note:
  - Before beginning a lesson it is necessary to check the following VM settings.
Set Network Adapter
- Instructions:
  1. Click on Network Adapter
  2. Click on the radio button "Bridged: Connected directly to the physical network".
  3. Click the OK Button
Start Up Damn Vulnerable WXP-SP2.
- Instructions:
  1. Start Up your VMware Player
  2. Play virtual machine
Logging into Damn Vulnerable WXP-SP2.
- Instructions:
  1. Click on Administrator
  2. Password: Supply Password
    - (See Note)
  3. Press <Enter> or Click the Arrow
- Note(FYI):
  1. Password was created in (Lab 1, Section 1, Step 8)
Open the Command Prompt
- Instructions:
  1. Click the Start Button
  2. All Programs --> Accessories --> Command Prompt
Obtain Damn Vulnerable WXP-SP2's IP Address
- Instructions:
  1. ipconfig
  2. Record Your IP Address
- Note(FYI):
  - In my case, Damn Vulnerable WXP-SP2's IP Address 192.168.1.116.
  - This is the IP Address of the Victim Machine.

Section 2: Install PCMan's FTP Server 2.0.7

Open Firefox
- Instructions:
  1. Click the Start Button
  2. All Programs --> Mozilla Firefox
Download PCMan 2.0.7
- Instructions:
  1. Navigate to the following URL
    - https://www.exploit-db.com/exploits/26471/
  2. Click on the Vulnerable App Icon ()
  3. Click the OK Button
Open Downloads Folder (Part 1)
- Instructions:
  1. Tools --> Downlaods
Open Downloads Folder (Part 2)
- Instructions:
  1. Right Click on 9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z
  2. Click on Open Containing Folder
Extract the *PCMan.7z file
- Instructions:
  1. Right Click on *PCMan.7z
  2. Touch 7-Zip
  3. Click on Extract to *PCMan\
Open the *PCMan Folder
- Instructions:
  1. Right on *PCMan Folder
  2. Select Open
Create a PCMan Desktop Icon
- Instructions:
  1. Right on PCManFTPD2
  2. Touch Send To
  3. Select Desktop (create shortcut)
Show Desktop
- Instructions:
  1. Right Click on Blue Taskbar
  2. Select Show the Desktop
Run PCMan
- Instructions:
  1. Right Click on the PCMan Desktop Icon
  2. Select Open
  3. The PCMan FTP Server Application will appear

Section 3: Proof of Lab

Open the Command Prompt
- Instructions:
  1. Click the Start Button
  2. All Programs --> Accessories --> Command Prompt
Proof of Lab
- Instructions:
  1. tasklist 2>NULL| find /i "pcman"
  2. netstat -nao | findstr "2852"
    - Replace the Process ID(2852) with your PCManFTPD2.exe Process ID.
  3. date /t
  4. echo "Your Name"
    - Put in your actual name in place of "Your Name"
    - e.g., echo "John Gray"
- Note(FYI):
  - Command #1, Use (tasklist) to show all the running processes. Use (find) and ignore case (/i) to display only the processes that contain the string (pcman). Retrieve your Process ID associated with PCManFTPD2.exe. Mind is 2852.
  - Command #2, Use (netstat -nao) to display all (a) network connections, their port numbers (n), and the owning process (o). Use (findstr) to display the Process ID(2852). Remember to replace my Process ID(2852) with your Process ID.
- Proof of Lab Instructions
  1. Press the <Ctrl> and <Alt> key at the same time.
  2. Press the <PrtScn> key.
  3. Paste into a word document
  4. Upload to Moodle