akde/infosec

Information security is ultimately about managing risk

21 FTP

, ,

Enumeration

Mandatory

  1. Check anony­mous login
  2. Try to cre­ate AND upload a file:
    • mkdir test
    • put /tmp/test test
  3. Check login with at least the fol­low­ing credentials:
    • admin / admin
    • admin / password

Optional

  • Down­load every­thing with wget and look for .dot files!
  • Check login with new­ly found users
  • Brute-force login
    • Make sure to check admin / admin and oth­er usu­al com­bi­na­tions and DON’T relay on a pass­word list like best110.txt only!
  • Down­load the whole content
  • Check for FTP serv­er exploits
  • Try
    • ../
    • cd /
    • cd C:\
    • cd C:\\
    • get $file_which_should_be_on_the_os

Tools

Leave a Reply

About

Personal collection of some infosec stuff. Primary purpose of this site is to collect and organize for myself.

Note: Some content is not publicly visible due to copyright issues. Therefore, some links could be broken.

Checklists

Categories

Checklists: Ports

python -c 'import pty;pty.spawn("/bin/bash")';

python3 -c 'import pty;pty.spawn("/bin/bash")';