[Sorry for my bad english ....]
I install FTP server over II6 and configure anonymous user with R/W permissions and I stop HTTP service.
I open Ftp connection to 192.168.1.100 anonymous mode and I try to write / copy file inside and it works.
So I think it's easy way put nc.exe on ftp server root.
I create connection as below:
I use FTP.exe windows command because it support "-s" option.
C:\>echo OPEN 192.168.0.100 >> ftp.txt
echo OPEN 192.168.0.100 >> ftp.txt
echo bye >> ftp.txt
C:\>ftp -A -s:ftp.txt
This mean run ftp.exe and execute instructions inside ftp.txt.
I browse ftp directory from firefox and I find nc.exe on the directory.
I can save nc.exe into my root but I can't run nc.exe or receive interactive shell.
It's right because FTP works in UDP mode port 20 and FTP is no-interactive program.
I try use Fast-Track in WEB GUI mode ./fast-track -g
I read official wiki and watch movies.(No movie about "Binary to Hex unfortunatly)
I'm interesting about "Binary to Hex Payload Generator".
I start fast-track in web gui mode localhost:4444.
Fast-Track guide localhost:44444/binaryconvert explains that payload size must be less than 64K.
I respect this infact nc.exe in about 59K.
I convert nc.exe in payload.exe.
By default it's saved on -->/pentest/exploit/fasstrack/payload.exe
Another point of the guide is "...and puts it into the right format to echo onto the operating system."
So I think the right method is exe to bat conversion
I convert wine exe2bat payload.exe in nc.txt.
I copy line code inside nc.txt.Code is in echo mode I suppose..
I open again ftp 192.168.1.100
From ftp shell I past nc.txt content.
I can't receive interactive shell .
I'm sure I miss something or I follow wrong way.
Thanks in advantage.