0x00 前言

参考Micro8系列第四十二课:https://micro8.gitbook.io/micro8/contents-1/41-50/42-gong-ji-ftp-fu-wu

0x01 MSF攻击FTP服务

MSF中常用攻击FTP服务的模块如下:

MSF模块 说明
auxiliary/scanner/ftp/ftp_version FTP版本扫描器
auxiliary/scanner/ftp/ftp_login FTP认证扫描器
auxiliary/scanner/ftp/anonymous 匿名访问检测
auxiliary/fuzzers/ftp/client_ftp 简单的FTP客户端Fuzz工具
auxiliary/fuzzers/ftp/ftp_pre_post 简单的FTP Fuzz工具

更多的FTP模块可以使用MSF的search结合type搜索:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
msf6 > search type:auxiliary ftp

Matching Modules
================

   #   Name                                                  Disclosure Date  Rank    Check  Description
   -   ----                                                  ---------------  ----    -----  -----------
   0   auxiliary/admin/networking/cisco_vpn_3000_ftp_bypass  2006-08-23       normal  No     Cisco VPN Concentrator 3000 FTP Unauthorized Administrative Access
   1   auxiliary/admin/officescan/tmlisten_traversal                          normal  No     TrendMicro OfficeScanNT Listener Traversal Arbitrary File Access
   2   auxiliary/admin/tftp/tftp_transfer_util                                normal  No     TFTP File Transfer Utility
   3   auxiliary/dos/scada/d20_tftp_overflow                 2012-01-19       normal  No     General Electric D20ME TFTP Server Buffer Overflow DoS
   4   auxiliary/dos/windows/ftp/filezilla_admin_user        2005-11-07       normal  No     FileZilla FTP Server Admin Interface Denial of Service
   5   auxiliary/dos/windows/ftp/filezilla_server_port       2006-12-11       normal  No     FileZilla FTP Server Malformed PORT Denial of Service
   6   auxiliary/dos/windows/ftp/guildftp_cwdlist            2008-10-12       normal  No     Guild FTPd 0.999.8.11/0.999.14 Heap Corruption
   7   auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof          2010-12-21       normal  No     Microsoft IIS FTP Server Encoded Response Overflow Trigger
   8   auxiliary/dos/windows/ftp/iis_list_exhaustion         2009-09-03       normal  No     Microsoft IIS FTP Server LIST Stack Exhaustion
   9   auxiliary/dos/windows/ftp/solarftp_user               2011-02-22       normal  No     Solar FTP Server Malformed USER Denial of Service
   10  auxiliary/dos/windows/ftp/titan626_site               2008-10-14       normal  No     Titan FTP Server 6.26.630 SITE WHO DoS
   11  auxiliary/dos/windows/ftp/vicftps50_list              2008-10-24       normal  No     Victory FTP Server 5.0 LIST DoS
   12  auxiliary/dos/windows/ftp/winftp230_nlst              2008-09-26       normal  No     WinFTP 2.3.0 NLST Denial of Service
   13  auxiliary/dos/windows/ftp/xmeasy560_nlst              2008-10-13       normal  No     XM Easy Personal FTP Server 5.6.0 NLST DoS
   14  auxiliary/dos/windows/ftp/xmeasy570_nlst              2009-03-27       normal  No     XM Easy Personal FTP Server 5.7.0 NLST DoS
   15  auxiliary/dos/windows/tftp/pt360_write                2008-10-29       normal  No     PacketTrap TFTP Server 2.2.5459.0 DoS
   16  auxiliary/dos/windows/tftp/solarwinds                 2010-05-21       normal  No     SolarWinds TFTP Server 10.4.0.10 Denial of Service
   17  auxiliary/fuzzers/ftp/client_ftp                                       normal  No     Simple FTP Client Fuzzer
   18  auxiliary/fuzzers/ftp/ftp_pre_post                                     normal  No     Simple FTP Fuzzer
   19  auxiliary/gather/apple_safari_ftp_url_cookie_theft    2015-04-08       normal  No     Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft
   20  auxiliary/gather/d20pass                              2012-01-19       normal  No     General Electric D20 Password Recovery
   21  auxiliary/gather/konica_minolta_pwd_extract                            normal  No     Konica Minolta Password Extractor
   22  auxiliary/scanner/ftp/anonymous                                        normal  No     Anonymous FTP Access Detection
   23  auxiliary/scanner/ftp/bison_ftp_traversal             2015-09-28       normal  Yes    BisonWare BisonFTP Server 3.5 Directory Traversal Information Disclosure
   24  auxiliary/scanner/ftp/colorado_ftp_traversal          2016-08-11       normal  Yes    ColoradoFTP Server 1.3 Build 8 Directory Traversal Information Disclosure
   25  auxiliary/scanner/ftp/easy_file_sharing_ftp           2017-03-07       normal  Yes    Easy File Sharing FTP Server 3.6 Directory Traversal
   26  auxiliary/scanner/ftp/ftp_login                                        normal  No     FTP Authentication Scanner
   27  auxiliary/scanner/ftp/ftp_version                                      normal  No     FTP Version Scanner
   28  auxiliary/scanner/ftp/konica_ftp_traversal            2015-09-22       normal  Yes    Konica Minolta FTP Utility 1.00 Directory Traversal Information Disclosure
   29  auxiliary/scanner/ftp/pcman_ftp_traversal             2015-09-28       normal  Yes    PCMan FTP Server 2.0.7 Directory Traversal Information Disclosure
   30  auxiliary/scanner/ftp/titanftp_xcrc_traversal         2010-06-15       normal  No     Titan FTP XCRC Directory Traversal Information Disclosure
   31  auxiliary/scanner/http/titan_ftp_admin_pwd                             normal  No     Titan FTP Administrative Password Disclosure
   32  auxiliary/scanner/misc/zenworks_preboot_fileaccess                     normal  No     Novell ZENworks Configuration Management Preboot Service Remote File Access
   33  auxiliary/scanner/portscan/ftpbounce                                   normal  No     FTP Bounce Port Scanner
   34  auxiliary/scanner/quake/server_info                                    normal  No     Gather Quake Server Information
   35  auxiliary/scanner/rsync/modules_list                                   normal  No     List Rsync Modules
   36  auxiliary/scanner/snmp/cisco_config_tftp                               normal  No     Cisco IOS SNMP Configuration Grabber (TFTP)
   37  auxiliary/scanner/snmp/cisco_upload_file                               normal  No     Cisco IOS SNMP File Upload (TFTP)
   38  auxiliary/scanner/ssh/cerberus_sftp_enumusers         2014-05-27       normal  No     Cerberus FTP Server SFTP Username Enumeration
   39  auxiliary/scanner/tftp/ipswitch_whatsupgold_tftp      2011-12-12       normal  No     IpSwitch WhatsUp Gold TFTP Directory Traversal
   40  auxiliary/scanner/tftp/netdecision_tftp               2009-05-16       normal  No     NetDecision 4.2 TFTP Directory Traversal
   41  auxiliary/scanner/tftp/tftpbrute                                       normal  No     TFTP Brute Forcer
   42  auxiliary/server/capture/ftp                                           normal  No     Authentication Capture: FTP
   43  auxiliary/server/ftp                                                   normal  No     FTP File Server
   44  auxiliary/server/pxeexploit                                            normal  No     PXE Boot Exploit Server
   45  auxiliary/server/tftp                                                  normal  No     TFTP File Server
   46  auxiliary/server/wget_symlink_file_write              2014-10-27       normal  No     GNU Wget FTP Symlink Arbitrary Filesystem Access


Interact with a module by name or index. For example info 46, use 46 or use auxiliary/server/wget_symlink_file_write