The techniques to scan, enumerate and possibly exploit these services are fairly easy to carry out.
Now let's begin with the 3 steps mentioned:
SCANNING
To scan for open FTP ports we use tools like nmap, for example:
Code:
nmap -sT -sV -p21,2121 $IP
This scans the ports and determines the version. Other ways to determine the version are:
Code:
nc $IP $PORT -v
Code:
telnet $IP $PORT
You can even use the metasploit auxiliary module:
Code:
msf6 > use auxiliary/scanner/ftp/ftp_version
msf6 > set RHOSTS $IP
msf6 > set RPORT $PORT
msf6 > run
Now that we have determined the FTP version, let's start enumerating.
ENUMERATION
To enumerate the FTP service we use the nmap scripting engine (NSE), for example:
Code:
nmap -sT -p21,2121 --script=ftp-* $IP
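From the defender's side, the scanning and enumeration steps above leave a recognisable footprint on the FTP server: many connections from one client that never complete a login. This added example (not part of the original post) runs that detection over a few constructed vsftpd-style log lines; the log format and the sample IPs are assumptions, not data from any real host.

```python
import re
from collections import defaultdict

# Constructed vsftpd-style log lines (assumed format, not from a real server):
# 10.0.0.9 repeatedly connects without ever logging in (banner grabbing /
# version probing / NSE scripts), while 10.0.0.20 is a normal user.
SAMPLE_LOG = """\
Mon Mar  6 09:00:01 2023 [pid 101] CONNECT: Client "10.0.0.9"
Mon Mar  6 09:00:01 2023 [pid 102] CONNECT: Client "10.0.0.9"
Mon Mar  6 09:00:02 2023 [pid 103] CONNECT: Client "10.0.0.9"
Mon Mar  6 09:00:02 2023 [pid 104] CONNECT: Client "10.0.0.9"
Mon Mar  6 09:00:05 2023 [pid 105] CONNECT: Client "10.0.0.20"
Mon Mar  6 09:00:06 2023 [pid 105] [alice] OK LOGIN: Client "10.0.0.20"
Mon Mar  6 09:00:09 2023 [pid 106] CONNECT: Client "10.0.0.9"
Mon Mar  6 09:00:09 2023 [pid 106] [anonymous] FAIL LOGIN: Client "10.0.0.9"
"""

CONNECT_RE = re.compile(r'CONNECT: Client "([\d.]+)"')
LOGIN_RE = re.compile(r'(OK|FAIL) LOGIN: Client "([\d.]+)"')


def summarize(log_text):
    """Count connects, successful logins and failed logins per client IP."""
    stats = defaultdict(lambda: {"connects": 0, "ok": 0, "fail": 0})
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            stats[m.group(1)]["connects"] += 1
            continue
        m = LOGIN_RE.search(line)
        if m:
            stats[m.group(2)]["ok" if m.group(1) == "OK" else "fail"] += 1
    return dict(stats)


def suspected_scanners(log_text, min_connects=3):
    """IPs with at least min_connects connections and no successful login:
    the typical footprint of nc/telnet banner grabs, nmap -sV, ftp_version
    and ftp-* NSE scripts (and of brute forcing, if FAIL LOGIN lines pile up)."""
    return sorted(ip for ip, s in summarize(log_text).items()
                  if s["connects"] >= min_connects and s["ok"] == 0)


if __name__ == "__main__":
    print(suspected_scanners(SAMPLE_LOG))  # prints ['10.0.0.9']
```

In practice the threshold would be tuned per server and combined with the time window of the connections, which the sample lines carry but this check ignores.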
Now let's get started with exploiting FTP.
EXPLOITATION
The first step after determining the FTP version is to use that information to look for specific public CVEs/exploits.
We'll first review the exploitation categories related to the FTP service:
CATEGORY
- *DOS*
- *BUFFER OVER FLOW*
- *RCE*
- *MISCONFIGURATION*
- *BRUTEFORCE* (not an exploit, but it's an attack)
I'm not gonna go into them; I'm just gonna show you how you can search for the exploits.
Code:
searchsploit *FTP SOFTWARE* + *FTP VERSION*
Code:
Example: searchsploit proftpd 1.3.3
Code:
pompem -s proftpd 1.3.3
You can use metasploit again:
Code:
msf6 > search proftpd 1.3.3
Another option is to search on [url]sploitus.com[/url].
OK, now we've learned how to scan for open ports, determine the version running, enumerate our target IP and search for exploits.
See y'all in part 2, maybe.