To find FTP hosts that allow anonymous access, we will use Nmap, a great all-around scanning tool.
To find these hosts we will use this command…
c:\nmap\nmap.exe -p21 --script ftp-anon -iL c:\ipranges.txt -oN c:\results.txt
Place this text in a text document and save it as a .bat file.
*Note: your locations might be different than mine; I like to have my Nmap located at c: because it makes writing commands faster.
Now, for people new to this, ipranges.txt will have IPs in list format or IP ranges in CIDR format.
CIDR = Classless Inter-Domain Routing. *Example: 39.0.0.0/8; the /8 would scan the whole block, 39.0.0.0 up to 39.255.255.255.
You can google CIDR for more info.
The -oN c:\results.txt option writes the results of the scan to that file in plain text.
Now let's say we found a host that allows writing; you would see something like this…
Nmap scan report for Host
Host is up (0.26s latency).
PORT   STATE SERVICE
21/tcp open  ftp
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_drwxrwxrwx 1 0 0 4096 Mar 11 21:05 TOSHIBA_EXT [NSE: writeable]
This lets you do a lot. You can hide files for remote public access or upload files for private access, changing the permissions on the files you uploaded to the FTP.
You could be a destroyer and delete everything off the FTP.
Now, not all FTPs you find will be writeable, and even if they are, you have to follow some file/folder structure rules.
To do this, all you have to do is download FileZilla or whatever FTP client you prefer and connect to the host with the username ‘anonymous’. Sometimes it needs a password (*any password will give you access) and sometimes it doesn’t require a password at all. Once you have access you can start uploading to the FTP or modifying it.
Most of the time you will see this…
Nmap scan report for Host
Host is up (0.20s latency).
PORT   STATE SERVICE
21/tcp open  ftp
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| drwxr-xr-x 9 root root 128 May 18 2014 disk1
|_drwxr-xr-x 7 root root 4096 Nov 7 23:37 info
It may not look exactly the same, but as you see, there's no writeable.
The important thing to note is that if you see an open ftp | ftp-anon: Anonymous FTP login allowed (FTP code 230) but no drwxr-xr-x with it, then there's no point in checking it out.
Nmap scan report for Host
Host is up (0.20s latency).
PORT   STATE SERVICE
21/tcp open  ftp
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
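Added example (not part of the original post): when this scan is run against address ranges you administer, the three kinds of output shown above can be sorted automatically so the writeable servers get locked down first. The sample report uses constructed documentation addresses, the name classify and its labels are my own, and it assumes ftp-anon was the only script run, as in the command above.

```python
import re

# Constructed sample in the -oN layout shown above (documentation addresses, not real hosts).
SAMPLE = """\
Nmap scan report for 192.0.2.10
PORT   STATE SERVICE
21/tcp open  ftp
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_drwxrwxrwx 1 0 0 4096 Mar 11 21:05 TOSHIBA_EXT [NSE: writeable]

Nmap scan report for 192.0.2.20
PORT   STATE SERVICE
21/tcp open  ftp
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| drwxr-xr-x 9 root root 128 May 18 2014 disk1
|_drwxr-xr-x 7 root root 4096 Nov 7 23:37 info

Nmap scan report for 192.0.2.30
21/tcp open  ftp
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)

Nmap scan report for 192.0.2.40
21/tcp closed ftp
"""

HOST_RE = re.compile(r"^Nmap scan report for (.+)$")
SCRIPT_RE = re.compile(r"^\|[_ ]?\s*(.*)$")  # script output lines start with "|" or "|_"

def classify(report_text):
    """Return {host: finding} for every host where ftp-anon reported an anonymous login."""
    findings, host = {}, None
    for line in report_text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(1).strip()
            continue
        m = SCRIPT_RE.match(line)
        if not (m and host):
            continue
        body = m.group(1)
        if "Anonymous FTP login allowed" in body:
            findings[host] = "anonymous-login-only"      # third output above
        elif host in findings and "[NSE: writeable]" in body:
            findings[host] = "anonymous-writeable"       # first output: fix first
        elif findings.get(host) == "anonymous-login-only":
            findings[host] = "anonymous-listing"         # second output: readable listing
    return findings
```

Calling classify(open(r"c:\results.txt").read()) gives one label per host from the results file the batch file writes.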
What’s the point of all this?
Being able to write to someone else’s FTP is a huge hole and gives you great power over the host at the time. Also, finding anonymous access has its rewards too. You can find private pictures not intended for the public, movies, music and also software.
Also, you will find trojans, viruses, malware and hacking tools, because other hackers have found the host before you and are using it.
Have fun finding hidden treasures.