Wednesday, 10 December 2014

FTP Authendication Attack with Metasploit

 

Name      : FTP Authentication Scanner
Module    : auxiliary/scanner/ftp/ftp_login
Version   : 14976
License   : Metasploit Framework License (BSD)
Rank       : Normal

Provided by: todb <todb@metasploit.com>

Description:
 
This module will test FTP logins on a range of machines and report
successful logins. If you have loaded a database plugin and
connected to a database this module will record successful logins
and hosts so you can track your access.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0502

Example of successful login

msf  > use auxiliary/scanner/ftp/ftp_login
msf  auxiliary(ftp_login) > set rhosts External-IP
rhosts => External-IP

msf  auxiliary(ftp_login) > run
[*] External-IP:21 – Starting FTP login sweep
[*] Connecting to FTP server External-IP:21…
[*] Connected to target FTP server.
[*] External-IP:21 – FTP Banner: ‘220 Microsoft FTP Service\x0a\x0a’
[*] External-IP:21 FTP – Attempting FTP login for ‘anonymous':’chrome@example.com
[+] External-IP:21 – Successful FTP login for ‘anonymous':’chrome@example.com
[*] External-IP:21 – User ‘anonymous’ has READ access
[*] Successful authentication with read access on External-IP will not be reported
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed


Example of successful login with READ/WRITE access

msf  auxiliary(ftp_login) > run
[*] External-IP:21 – Starting FTP login sweep
[*] Connecting to FTP server External-IP:21…
[*] Connected to target FTP server.
[*] External-IP:21 – FTP Banner: ‘220 Microsoft FTP Service\x0a\x0a’
[*] External-IP:21 FTP – Attempting FTP login for ‘anonymous':’chrome@example.com
[+] External-IP:21 – Successful FTP login for ‘anonymous':’chrome@example.com
[*] External-IP:21 – User ‘anonymous’ has READ/WRITE access
[*] Successful authentication with write access on External-IP will not be reported
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed


Example of none successful login

msf  auxiliary(ftp_login) > run
[*] External-IP:21 – Starting FTP login sweep
[*] Connecting to FTP server External-IP:21…
[*] Connected to target FTP server.
[*] External-IP:21 – FTP Banner: ‘220 Microsoft FTP Service\x0a\x0a’
[*] External-IP:21 FTP – Attempting FTP login for ‘anonymous':’IEUser@’
[*] External-IP:21 FTP – Failed FTP login for ‘anonymous':’IEUser@’
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed


If you don’t want to use metasploit but want to see same results you can use nmap

root@bt:~# nmap -sV -sC -p 21 remote-ip
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2010-06-02 02:04 BST
Nmap scan report for remote-ip
Host is up (0.00053s latency).
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_2010-06-02 02:04 61440 nc.exe
MAC Address: 00:02:03:04:05:06 (Micky Systems)
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.34 seconds