background image

Intelligence Gathering

29

FTP Scanning

FTP is a complicated and insecure protocol. FTP servers are often the easiest 
way into a target network, and you should always scan for, identify, and finger-
print any FTP servers running on your target.

Next, we scan our XP box for FTP services using the Framework’s 

ftp_version 

module:

msf > 

use scanner/ftp/ftp_version

msf auxiliary(ftp_version) > 

show options

Module options:

   Name       Current Setting      Required  Description
   ----       ---------------      --------  -----------
   FTPPASS    mozilla@example.com  no        The password for the specified username
   FTPUSER    anonymous            no        The username to authenticate as
   RHOSTS                          yes       The target address range or CIDR identifier
   RPORT      21                   yes       The target port
   THREADS    1                    yes       The number of concurrent threads
   WORKSPACE                       no        The name of the workspace to report data into

msf auxiliary(ftp_version) > 

set RHOSTS 192.168.1.0/24

RHOSTS => 192.168.1.0/24
msf auxiliary(ftp_version) > 

set THREADS 255

THREADS => 255
msf auxiliary(ftp_version) > 

run

 [*] 192.168.1.155:21 FTP Banner: Minftpd ready

The scanner successfully identifies an FTP server at  . Now let’s see if 

this FTP server allows anonymous logins using the Framework’s 

scanner/ftp/

anonymous

.

msf > 

use auxiliary/scanner/ftp/anonymous

msf auxiliary(anonymous) > 

set RHOSTS 192.168.1.0/24

RHOSTS => 192.168.1.0/24
msf auxiliary(anonymous) > 

set THREADS 50

THREADS => 50
msf auxiliary(anonymous) > 

run

[*] Scanned 045 of 256 hosts (017% complete)

 [*] 192.168.1.155:21 Anonymous READ/WRITE (220 Minftpd ready)

The scanner reports at   that anonymous access is allowed and that 

anonymous users have both read and write access to the server; in other 
words, we have full access to the remote system and the ability to upload or 
download any file that can be accessed by the FTP server software.