Today we are sharing tips and tricks on FTP attacks and security through FTP penetration testing which will help to secure your server from any kind FTP attack.
Aug 31, 2009 This module exploits a stack buffer overflow flaw in the Microsoft IIS FTP service. The flaw is triggered when a special NLST argument is passed while the session has changed into a long directory path. For this exploit to work, the FTP server must be configured to allow write access to the. Sep 09, 2015 He isn’t even sure yet if the server is running the ftp service. He knows if he gets a connection refused message it wont behe’s in luck thoughthe following appears on the screen: C:ftp www.company.com Connected to www.company.com. 220 saturn Microsoft FTP Service (Version 3.0).
FTP stands for File Transfer Protocol used for the transfer of computer files such as docs, PDF, multimedia and etc between a client and server on a computer network via port 21. Port 21 is default port which gets open when FTP is activated for sharing data.
Aug 31, 2009 A remote Microsoft FTP server exploit was released today by Kingcope. Tags: microsoft ftp server 5.0 vulnerabilities, offensive security ‹ PREVIOUS POST. Sep 12, 2017 Today we are sharing tips and tricks on FTP attacks and security through FTP penetration testing which will help to secure your server from any kind FTP attack. FTP stands for File Transfer Protocol used for the transfer of computer files such as docs, PDF, multimedia and etc between a client and server on a computer network via port 21. For this exploit to work in most cases, you need 1) a valid ftp account: either read-only or write-access account 2) the 'FTP Publishing' must be configured as 'manual' mode in startup type 3) there must be at least one directory under FTP root directory.
Let’s start!!
Install & Configure FTP Server on Windows 7
Firstly we are going to set up the FTP server on our Windows 7 for sharing the file in a LAN. In order to accomplish that we are going to open Control Panel >Programs >Programs and Features >Turn Windows features on or off as shown below.
Here Expand Internet Information Services and check the FTP Server option.
Also, ensure that FTP Extensibility and FTP Service are both checked as shown below and click OK to begin Installation.
This Installs the IIS and FTP Service Manager, be patient it might take some time.
Configure FTP Site in IIS
Now to open IIS, we will open Control Panel after then select System and Security and here we will open Administrative Tools. In Administrative Tools, you will find IIS Manager as shown below, open it.
The new window of Internet information IIS Manager will come up; right-click Sites given in left panel under Connections, select Add FTP Site.
This will open a new window as shown below.
Enter the name of the FTP site of your choice, as shown in given image ignite.
Enter the path to the FTP folder you want to use to send and receive files. In our case, we created a folder named ftp in location C:ftp.
And click next.
Binding and SSL Settings, we will bind our IPv4 address to the server by allowing following setting then click on next.
- Enter IP:192.168.1.128 and Port: 21.
- Enable the checkbox for Start FTP site automatically
- In SSL option select No SSL and click next.
Allow following setting in Authenticationand Authorization for your FTP site and then click on Finish.
Authentication: Basic
Authorization: specific users (pc7)
Permission: read and write
From the given image, you can see we had successfully configured an FTP server for Ignite. Now let’s try to connect with it for sharing files.
Scanning FTP with nmap
An attacker may take help of nmap to verify whether port 21 is activated or not. For FTP penetration, we are also using nmap in order to scan the targeted system (192.168.1.128) for open FTP port.
If file transfer service is allowed then nmap will show OPEN as a state for port 21, as shown in the given image.
Connect client to FTP Server through WinSCP
WinSCP is a free software which is used to access the FTP server. You can download it from here.
- Protocol to: FTP
- Encryption To: No Encryption
- Hostname: IP of the FTP Server
- Port: 21
- Username and Password: Windows login credentials of the user.
Click on Login.
As you can see I have successfully connected to my FTP server which has a file called demo.txt.
Version Enumeration on FTP
Now, let’s try to get the FTP version through ftp_version on Metasploit
Open the terminal in your Kali Linux and Load Metasploit framework now type the following command to scan for FTP version.
Now repeat the step with some changes to restrict other IPs for denying to access FTP services.
Now following given below step:
- Click on FTP IPv4 Address and Domain Restrictions
- Click on Add deny Entry from the Actions Tab in the right panel
- Select Specific IP Address and enter the IP address
- Click OK
Hence if any other user or attacker finds out credential for FTP login he cannot able to connect with the server.
Let’s verify above setting by Brute force again in the same way we did before. From the given image, you can observe though it is showing incorrect combination for correct credentials also.
FTP Port Transfer
You can forward port 21 on another port for increasing server security although to perform this you need to open IIS.
Now click on the Bindings on Actions Tab.
It will open a window as shown below where it is showing that FTP service is activated on port 21, now click on edit to replace this port into another.
From the given image you can see we have are now using port 5000 for FTP services.
Microsoft Ftp Service Exploits
Now let’s check using nmap
As you can see the FTP service has been shifted to port 5000
Now to verify if the service is actually running on port 5000 let’s login into FTP server using WinSCP and this time using port 5000 as shown below
Great!!! We are successfully connected with FTP server via port 5000
FTP Log Monitoring
In IIS Manager we can also manage Logs of our FTP Server. Here, we can Schedule the Logging and also manage the size of logs and Location of Logs For monitoring ftp log follow given below steps:
Open FTP Logging in the Features View.
- The format of the log file: click on the W3C field and then select the desired option such as date, time, client IP and etc.
- Directory: browse a location where you want to save the logs
- Schedule: Daily
Now if you want to view logs of FTP server you can open the directory which you have browsed for saving logs i.e. C:inerpublogsLogsfiles
From given below image you can observe logs for FTP login.
Author: Pavandeep Singh is An Ethical Hacker, Cyber Security Expert, Penetration Tester, India. Contact here