Anonymous FTP


This topic contains 22 replies, has 7 voices, and was last updated by  I.X.L 3 years, 5 months ago.

    #19069

    Two Wolves
    Participant

    What all can you do when you find an anon FTP? Just use it as a dropbox for files, or is it possible to upload backdoor code and execute it? I am in Exploitation Part 1 of Advanced Pen Testing, and uploading backdoor PHP code is pretty cool. Can you do anything like that with an FTP server?

    #19070

    Anonymous

    1st find out what FTP server and version is running. Take a look at using nmap for this:

    https://nmap.org/book/vscan.html

    You can use nmap to scan for the open ports and the versions of the services running on those ports. After that you can use Metasploit in Kali to find any exploits related to the FTP service you find.

    You can also take that information and search for potential exploits on sites such as https://www.exploit-db.com

    I hope that helps.

    #19076

    Johan Grotherus
    Participant

    As for nmap, also check out the scripts that come with nmap that can check for certain ftp vulnerabilities. You can find a list of all nmap scripts at http://nmap.org/nsedoc/

    #19078

    Anonymous

    Johan, thanks so much for that link. I hadn’t come across that yet with nmap, still a n00b. But from what I’ve learned regarding nmap so far in my LAN, these scripts look like serious efficiencies for target recon.

    #19079

    Anonymous

    For a bit more context surrounding Johan’s recommendation, check out the high-level overview first.

    http://nmap.org/book/nse.html

    #19134

    The Son of a Widow
    Participant

    What directory are you allowed to upload to? Is there an HTTP Web Server running on the box? What’s stopping you from uploading a Web Shell and browsing to the file? Sure nmap and service related vulnerabilities are something you want to use and check for, but if you’re allowed to upload to a web server somewhere, you can absolutely get a shell in most cases. If they were dull enough to allow Anonymous FTP access, wonder what else they were dull enough to do.
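The condition raised in the post above, an anonymous upload directory that a web server also serves, can be monitored from the FTP transfer log. This Python example is added here and is not part of the thread; it assumes xferlog-format logs, and the web root path, extension list and sample log lines are constructed for illustration.

```python
import posixpath

# Assumptions for this example (not from the thread): the web document root
# and the extensions the web server would execute as server-side code.
WEB_ROOT = "/var/www/html"
SCRIPT_EXTS = {".php", ".phtml", ".asp", ".aspx", ".jsp", ".cgi"}

# Constructed sample lines in xferlog format (documentation IP ranges).
SAMPLE_LOG = """\
Mon Mar  7 10:15:02 2016 1 192.0.2.10 2048 /srv/ftp/pub/readme.txt a _ o a guest@example.com ftp 0 * c
Mon Mar  7 10:16:40 2016 1 192.0.2.10 512 /var/www/html/uploads/notes.php b _ i a guest@example.com ftp 0 * c
Mon Mar  7 10:17:05 2016 2 192.0.2.44 90211 /var/www/html/uploads/logo.png b _ i a x@example.com ftp 0 * c
Mon Mar  7 10:18:19 2016 1 198.51.100.7 733 /var/www/html/index.php a _ i r deploy ftp 0 * c
Mon Mar  7 10:19:00 2016 1 192.0.2.10 120 /srv/ftp/incoming/test.aspx b _ i a guest@example.com ftp 0 * c
"""

def parse_xferlog(line):
    """Split one xferlog line into the fields this check needs."""
    f = line.split()
    if len(f) != 18:          # 5 date tokens + 13 fixed fields
        return None
    return {"host": f[6], "path": f[8], "direction": f[11], "access": f[12]}

def classify(rec):
    """Rate an anonymous upload: 'high', 'medium', or None if not of interest."""
    if rec is None or rec["direction"] != "i" or rec["access"] != "a":
        return None           # only incoming transfers by anonymous users
    path = posixpath.normpath(rec["path"])
    in_web_root = path == WEB_ROOT or path.startswith(WEB_ROOT + "/")
    is_script = posixpath.splitext(path)[1].lower() in SCRIPT_EXTS
    if in_web_root and is_script:
        return "high"         # executable content landed where HTTP serves it
    if in_web_root or is_script:
        return "medium"       # either condition alone still needs review
    return None

def findings(log_text):
    """Return (severity, client, path) for every flagged transfer."""
    out = []
    for line in log_text.splitlines():
        rec = parse_xferlog(line)
        severity = classify(rec)
        if severity:
            out.append((severity, rec["host"], rec["path"]))
    return out

if __name__ == "__main__":
    for item in findings(SAMPLE_LOG):
        print(*item)
```

Any "high" result means the FTP root and the web root overlap for anonymous users, which is the configuration to remove rather than just alert on.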

    #19143

    Two Wolves
    Participant

    David,

    That’s more what I was referring to. Yes, let’s suppose it’s a Web Server and they happen to have an anon FTP running as well. What modules could I use in Metasploit to upload to the file server? Something similar to the PHP Simple Backdoor Georgia used in Exploitation?

    #19145

    Vodkanaut
    Participant

    Sometimes, if the FTP is not configured correctly, you can traverse to other directories that will allow you to gather useful data.

    #19177

    The Son of a Widow
    Participant

    Yes Two Wolves.

    However if you don’t have permission to attack the web server in the first place, you shouldn’t be playing around.

    #19179

    Anonymous

    Thanks gentlemen. You all just taught me something. I need to dig much deeper.

    #19188

    Two Wolves
    Participant

    David, that goes without saying. I am working out of VMs, and have a FileZilla server operating on XP. Just wondering what the proper method would be to upload something malicious and leverage it, as nothing I’ve tried yet has worked.

    #19190

    dozzyjean
    Participant

    Most of the topics in Advanced Penetration are not on a video file; can any recommendation be made on that?

    #19222

    Anonymous

    Can you leverage netcat in this scenario to get a reverse shell?

    #19292

    Two Wolves
    Participant

    I don’t think so, not without code execution. You would have to upload a file with a malicious payload and wait for a user on the FTP server to access it, or (speculation) upload a backdoor like the PHP backdoor shown in the videos and execute code that way. That’s what I want more explanation on, if anybody could provide it.

    How would you upload something to begin executing code or gain a backdoor? Is it heavily dependent on the FTP software/version in play, or is there something that will work on any FTP server if the anonymous account has write privileges?

    #19293

    Anonymous

    I’m sure I came across this scenario in my travels. I’ll dig deeper into this. I’ll need to set this scenario up in my lab and try a few things. I’ll get back to you.

    #19295

    Anonymous

    @twowolves – what is the webserver? IIS / Apache? Did you fingerprint the OS?

    #19296

    Anonymous

    @twowolves – you have write permissions? I assume you do if you are placing a file on the server.

    #19303

    Anonymous

    @cisp – So to be a n00b and not l33t, would you mind sharing a technique to get the shell or reverse shell? I’m looking into it but gotta stop for a bit.

    I’m not trying to get out of my due diligence research. I’m just a n00b looking for a tip so that I can work backwards from the exploit to understanding the pieces and why it worked and how.

    #19306

    Anonymous

    @twowolves – I gotta bounce for a while. I’ll let you know what I find when I jump back in tomorrow. I feel like I should know this and the answer is probably very straightforward.

    Your target environment from my understanding is: FileZilla server operating on XP

    If anyone else has a solution for this please post it or post the resources to get to it 😉

    #19373

    Anonymous

    I’ll take a look at the Metasploit modules and see what I find.
