Building the Exploit

As I mentioned previously, FileCOPA FTP Server has a vulnerability in its LIST function. By targeting a machine running the vulnerable application and sending a specially crafted LIST command to the server, we can execute arbitrary code on the remote machine. This is a good position to be in for a penetration tester or security researcher. To test this vulnerability, send the LIST command to the server followed by the letter A repeated 1,000 times (1,000 is arbitrary; the command just needs to be long enough to trigger the overflow). The result will be a dead FTP server. The repeated As crash the server because they overwrite important data on the stack.
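Seen from the defending side, an oversized LIST argument like the one described above stands out on the FTP control channel. The following Ruby check is an added example, not code from the book or from FileCOPA; the two thresholds and the sample session are assumptions constructed for illustration.

```ruby
# Added example (not from the book): flag FTP control-channel commands whose
# argument looks like overflow filler, e.g. the oversized LIST described above.
MAX_ARG_LEN = 255 # assumed policy limit; tune to the longest legitimate path
MIN_RUN_LEN = 64  # assumed: this many identical bytes in a row is not a path

Finding = Struct.new(:line_no, :verb, :arg_len, :reasons)

# Split "VERB<SP>argument<CRLF>" into [verb, argument]; nil for blank lines.
def parse_command(line)
  text = line.to_s.b.sub(/\r?\n\z/n, "")
  m = /\A *([^ ]+)(?: +(.*))?\z/mn.match(text)
  return nil unless m
  [m[1].upcase, m[2] || "".b]
end

# Length of the longest run of one repeated byte in the argument.
def longest_run(bytes)
  best = run = 0
  prev = nil
  bytes.each_byte do |b|
    run = b == prev ? run + 1 : 1
    best = run if run > best
    prev = b
  end
  best
end

# Return a Finding for every command that breaks either rule.
def scan_session(lines)
  lines.each_with_index.map do |line, idx|
    verb, arg = parse_command(line)
    next if verb.nil?
    reasons = []
    reasons << :overlong_argument if arg.bytesize > MAX_ARG_LEN
    reasons << :repeated_byte_run if longest_run(arg) >= MIN_RUN_LEN
    Finding.new(idx + 1, verb, arg.bytesize, reasons) unless reasons.empty?
  end.compact
end

# Constructed sample session, not captured traffic.
SAMPLE_SESSION = [
  "USER anonymous\r\n",
  "PASS guest@example.com\r\n",
  "LIST /pub/incoming\r\n",
  "LIST " + ("A" * 1000) + "\r\n",
  "CWD " + ("/dir" * 70) + "\r\n"
].freeze

scan_session(SAMPLE_SESSION).each do |f|
  puts "line #{f.line_no}: #{f.verb} arg=#{f.arg_len} bytes #{f.reasons.join(',')}"
end
```

The length rule catches any overlong argument, while the repeated-byte rule catches filler that stays under the length limit.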

To demonstrate the server crashing, we will use a tool bundled ...
