FTP Server is now configured to use PASV Mode. Added workaround for I…

…CMP protocol types.
RedSiege · Aug 14, 2016 · 15dfd3d · 15dfd3d
1 parent 67a0bb4
commit 15dfd3d
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 4 deletions.
diff --git a/protocols/servers/ftp_server.py b/protocols/servers/ftp_server.py
@@ -10,7 +10,7 @@
 from pyftpdlib.authorizers import DummyAuthorizer
 from pyftpdlib.handlers import FTPHandler
 from pyftpdlib.servers import FTPServer
-
+import urllib
 
 class Server:
 
@@ -45,6 +45,10 @@ def serve(self):
 
             # Define a customized banner (string returned when client connects)
             handler.banner = "Connecting to Egress-Assess's FTP server!"
+            #Define public address and  passive ports making NAT configurations more predictable
+            public_ip = urllib.urlopen("http://api.ipify.org/").read()
+            handler.masquerade_address = public_ip
+            handler.passive_ports = range(60000, 60100)
 
             try:
                 server = FTPServer(('', self.port), handler)

diff --git a/setup/Dockerfile b/setup/Dockerfile
@@ -15,6 +15,12 @@ RUN chmod +x /Egress-Assess/setup/setup-docker.sh
 RUN bash -c "cd /Egress-Assess && ./setup/setup-docker.sh"
 EXPOSE 80 443 53/udp 25 21 20 445
 ENTRYPOINT bash -c "cd /Egress-Assess && ./Egress-Assess.py --list-servers && ./Egress-Assess.py -h && bash" 
-#Example Server Execution- Slight changes in port incase these are inuse
-#Loots can be any local folder you want
-#docker run -it -p 25:25 -p 20:20 -p 21:21 -p 80:80 -p 445:445 -p 53:53/udp -p 444:443 -p 23:22 -v /home/ubuntu/loots:/Egress-Assess/data/ piesecurity/egress-assess
+#Example Client Execution
+#docker run -it piesecurity/egress-assess
+#Example Server Execution- This requires all of the port mappings and location of your loots folder
+#Slight changes in port incase these are already in use
+#loots can be any local folder you want
+#docker run -it -p 25:25 -p 20-21:20-21 -p 60000-60100:60000-60100 -p 80:80 -p 445:445 -p 53:53/udp -p 444:443 -p 23:22 -v /home/ubuntu/loots:/Egress-Assess/data/ piesecurity/egress-assess
+#Special note for running the ICMP Server in Docker: Add the below iptables rule after the docker container is running
+#iptables -t nat -A PREROUTING -p ICMP -i <internet_interface> -j DNAT --to-destination <dockerContainerIP>
+#You can find the <dockerContainerIP> through the docker inpsect command, or just look at the rest of your iptables rules under the DOCKER chain