From 98d1997cfa2ff38ea671fe48cf3dc876a419622c Mon Sep 17 00:00:00 2001 From: itsmeroy2012 Date: Mon, 24 Apr 2017 00:09:20 +0530 Subject: [PATCH 1/4] KB for ftp_version --- .../auxiliary/scanner/ftp/ftp_version.md | 62 +++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 documentation/modules/auxiliary/scanner/ftp/ftp_version.md diff --git a/documentation/modules/auxiliary/scanner/ftp/ftp_version.md b/documentation/modules/auxiliary/scanner/ftp/ftp_version.md new file mode 100644 index 0000000000000..f79c044404466 --- /dev/null +++ b/documentation/modules/auxiliary/scanner/ftp/ftp_version.md 
@@ -0,0 +1,62 @@ +## Description + +This module allows us to scan through a series of IP Addresses and provide details about the version of ftp running on that address. + +## Vulnerable Application + +### Install ftp server on Kali Linux: + +1. ```apt-get install vsftpd``` +2. Allow local users to log in and to allow ftp uploads by editing file /etc/vsftpd.conf uncommenting the following: + ``` + local_enable=YES + write_enable=YES + chroot_list_enable=YES + chroot_list_file=/etc/vsftpd.chroot_list + ``` +3. **IMPORTANT:** For allowing anonymous access set ```anonymous_enable=YES``` +4. Create the file /etc/vsftpd.chroot_list and add the local users you want allow to connect to FTP server. Start service and test connections: +5. ```service vsftpd start``` + +### Installing FTP for IIS 7.5 in Windows: + +#### IIS 7.5 for Windows Server 2008 R2: + +1. On the taskbar, click Start, point to Administrative Tools, and then click Server Manager. +2. In the Server Manager hierarchy pane, expand Roles, and then click Web Server (IIS). +3. In the Web Server (IIS) pane, scroll to the Role Services section, and then click Add Role Services. +4. On the Select Role Services page of the Add Role Services Wizard, expand FTP Server. +5. Select FTP Service. (Note: To support ASP.NET Membership or IIS Manager authentication for the FTP service, you will also need to select FTP Extensibility.) +6. Click Next. +7. On the Confirm Installation Selections page, click Install. +8. On the Results page, click Close. + +#### IIS 7.5 for Windows 7: + +1. On the taskbar, click Start, and then click Control Panel. +2. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off. +3. Expand Internet Information Services, then FTP Server. +4. Select FTP Service. (Note: To support ASP.NET Membership or IIS Manager authentication for the FTP service, you will also need to select FTP Extensibility.) +5. Click OK. + +## Verification Steps + +1. 
Do: ```use auxiliary/scanner/ftp/anonymous``` +2. Do: ```set RHOSTS [IP]``` +3. Do: ```set RPORT [IP]``` +4. Do: ```run``` + +## Sample Output +``` +msf > use auxiliary/scanner/ftp/ftp_version +msf auxiliary(ftp_version) > set RHOSTS 127.0.0.1 +RHOSTS => 127.0.0.1 +msf auxiliary(ftp_version) > set RPORT 21 +RPORT => 21 +msf auxiliary(ftp_version) > exploit + +[*] 127.0.0.1:21 - FTP Banner: '220 (vsFTPd 3.0.3)\x0d\x0a' +[*] Scanned 1 of 1 hosts (100% complete) +[*] Auxiliary module execution completed +msf auxiliary(ftp_version) > +``` From 2990c3b2fb0807e39dd459dae0d7779ba3a21be4 Mon Sep 17 00:00:00 2001 From: itsmeroy2012 Date: Mon, 24 Apr 2017 00:10:30 +0530 Subject: [PATCH 2/4] minor fix --- documentation/modules/auxiliary/scanner/ftp/ftp_version.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/modules/auxiliary/scanner/ftp/ftp_version.md b/documentation/modules/auxiliary/scanner/ftp/ftp_version.md index f79c044404466..8e66654d31759 100644 --- a/documentation/modules/auxiliary/scanner/ftp/ftp_version.md +++ b/documentation/modules/auxiliary/scanner/ftp/ftp_version.md @@ -41,7 +41,7 @@ This module allows us to scan through a series of IP Addresses and provide detai ## Verification Steps -1. Do: ```use auxiliary/scanner/ftp/anonymous``` +1. Do: ```use auxiliary/scanner/ftp/ftp_version``` 2. Do: ```set RHOSTS [IP]``` 3. Do: ```set RPORT [IP]``` 4. Do: ```run``` From 03099cd57b10230745487d43b4e1b932d4171f52 Mon Sep 17 00:00:00 2001 From: itsmeroy2012 Date: Mon, 24 Apr 2017 00:15:53 +0530 Subject: [PATCH 3/4] adding confirmation --- .../auxiliary/scanner/ftp/ftp_version.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/documentation/modules/auxiliary/scanner/ftp/ftp_version.md b/documentation/modules/auxiliary/scanner/ftp/ftp_version.md index 8e66654d31759..d665ad8b68ad3 100644 --- a/documentation/modules/auxiliary/scanner/ftp/ftp_version.md +++ b/documentation/modules/auxiliary/scanner/ftp/ftp_version.md 
@@ -60,3 +60,22 @@ msf auxiliary(ftp_version) > exploit [*] Auxiliary module execution completed msf auxiliary(ftp_version) > ``` +## Confirming using NMAP +``` +root@kali:~# nmap -sV 127.0.0.1 + +Starting Nmap 7.40SVN ( https://nmap.org ) at 2017-04-24 00:12 IST +Nmap scan report for localhost (127.0.0.1) +Host is up (0.0000020s latency). +Not shown: 997 closed ports +PORT STATE SERVICE VERSION +21/tcp open ftp vsftpd 3.0.3 +111/tcp open rpcbind 2-4 (RPC #100000) +5432/tcp open postgresql PostgreSQL DB 9.5.4 +Service Info: OS: Unix + +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +Nmap done: 1 IP address (1 host up) scanned in 6.35 seconds +root@kali:~# + +``` From 7192836515f7b055dde40b4f3bf9fd86dbb2ac17 Mon Sep 17 00:00:00 2001 From: itsmeroy2012 Date: Mon, 24 Apr 2017 23:15:14 +0530 Subject: [PATCH 4/4] few edits added --- .../auxiliary/scanner/ftp/ftp_version.md | 23 ++++++++----------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/documentation/modules/auxiliary/scanner/ftp/ftp_version.md b/documentation/modules/auxiliary/scanner/ftp/ftp_version.md index d665ad8b68ad3..ce7b9a9ed3938 100644 --- a/documentation/modules/auxiliary/scanner/ftp/ftp_version.md +++ b/documentation/modules/auxiliary/scanner/ftp/ftp_version.md 
@@ -7,15 +7,14 @@ This module allows us to scan through a series of IP Addresses and provide detai ### Install ftp server on Kali Linux: 1. ```apt-get install vsftpd``` -2. Allow local users to log in and to allow ftp uploads by editing file /etc/vsftpd.conf uncommenting the following: +2. Allow local users to log in and to allow ftp uploads by editing file `/etc/vsftpd.conf` uncommenting the following: ``` local_enable=YES write_enable=YES chroot_list_enable=YES chroot_list_file=/etc/vsftpd.chroot_list ``` -3. **IMPORTANT:** For allowing anonymous access set ```anonymous_enable=YES``` -4. Create the file /etc/vsftpd.chroot_list and add the local users you want allow to connect to FTP server. Start service and test connections: +3. Create the file `/etc/vsftpd.chroot_list` and add the local users you want allow to connect to FTP server. Start service and test connections: 5. ```service vsftpd start``` ### Installing FTP for IIS 7.5 in Windows: @@ -47,6 +46,9 @@ This module allows us to scan through a series of IP Addresses and provide detai 4. Do: ```run``` ## Sample Output + +### On vsFTPd 3.0.3 on Kali + ``` msf > use auxiliary/scanner/ftp/ftp_version msf auxiliary(ftp_version) > set RHOSTS 127.0.0.1 
@@ -62,20 +64,15 @@ msf auxiliary(ftp_version) > ``` ## Confirming using NMAP ``` -root@kali:~# nmap -sV 127.0.0.1 +root@kali:~# nmap -sV 127.0.0.1 -p21 -Starting Nmap 7.40SVN ( https://nmap.org ) at 2017-04-24 00:12 IST +Starting Nmap 7.40SVN ( https://nmap.org ) at 2017-04-24 23:11 IST Nmap scan report for localhost (127.0.0.1) -Host is up (0.0000020s latency). -Not shown: 997 closed ports -PORT STATE SERVICE VERSION -21/tcp open ftp vsftpd 3.0.3 -111/tcp open rpcbind 2-4 (RPC #100000) -5432/tcp open postgresql PostgreSQL DB 9.5.4 +Host is up (0.000035s latency). +PORT STATE SERVICE VERSION +21/tcp open ftp vsftpd 3.0.3 Service Info: OS: Unix -Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . -Nmap done: 1 IP address (1 host up) scanned in 6.35 seconds root@kali:~# ```
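Review bot: Verification step 3 in PATCH 1/4 (`set RPORT [IP]`) uses the wrong placeholder; RPORT takes a port number, as the sample output's `set RPORT 21` shows, so it should read `set RPORT [PORT]`. The line is still carried unchanged as context in PATCH 2/4, so none of the follow-up commits fix it. In the same hunk the steps end with `run` while the sample output uses `exploit`; pick one so the transcript matches the steps.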
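Review bot: In PATCH 3/4 the added `## Confirming using NMAP` heading sits on the line directly after the sample output's closing fence, with no blank line between them, and the new block ends with an empty line before its own closing fence. Add a blank line before the heading, drop the empty line inside the block, and spell the tool name "Nmap" as the tool's own output does.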
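Review bot: The first hunk of PATCH 4/4 (@@ -7,15 +7,14 @@) renumbers the chroot_list step to 3 but leaves `5. service vsftpd start` as unchanged context, so the list now jumps from 3 to 5. Renumber that step to 4, move "Start service and test connections:" out of step 3 and into it, and fix "you want allow" to "you want to allow" while the line is being touched. The hunk also drops the `anonymous_enable=YES` step, and the commit message ("few edits added") does not say why; state the reason.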
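Review bot: The `### On vsFTPd 3.0.3 on Kali` subheading added in the second hunk of PATCH 4/4 (@@ -47,6 +46,9 @@) sets up per-target sample output, but vsFTPd is the only target shown even though the document also gives IIS 7.5 install steps for Windows Server 2008 R2 and Windows 7. Either add a matching IIS 7.5 sample under its own subheading or state that the IIS setup was not verified.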