Lucene search
+L

Anonymous FTP Access Detection

🗓️ 06 Jun 2008 04:29:41Reported by Matteo Cantoni <[email protected]>Type 
metasploit
 metasploit
🔗 www.rapid7.com👁 39 Views

Anonymous FTP Access Detection module by Matteo Cantoni. It detects anonymous FTP server access for read/write and read-only

Code
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Ftp
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report

  def initialize
    super(
      'Name'        => 'Anonymous FTP Access Detection',
      'Description' => 'Detect anonymous (read/write) FTP server access.',
      'References'  =>
        [
          ['URL', 'https://en.wikipedia.org/wiki/File_Transfer_Protocol#Anonymous_FTP'],
        ],
      'Author'      => 'Matteo Cantoni <goony[at]nothink.org>',
      'License'     => MSF_LICENSE
    )

    register_options(
      [
        Opt::RPORT(21),
      ])
  end

  def run_host(target_host)

    begin

      res = connect_login(true, false)

      banner.strip! if banner

      dir = Rex::Text.rand_text_alpha(8)
      if res
        write_check = send_cmd(['MKD', dir] , true)

        if write_check && write_check =~ /^2/
          send_cmd( ['RMD', dir] , true)

          print_good("#{target_host}:#{rport} - Anonymous READ/WRITE (#{banner})")
          access_type = 'Read/Write'
        else
          print_good("#{target_host}:#{rport} - Anonymous READ (#{banner})")
          access_type = 'Read-only'
        end
        register_creds(target_host, access_type)
      end

      disconnect

    rescue ::Interrupt
      raise $ERROR_INFO
    rescue ::Rex::ConnectionError, ::IOError
    end
  end

  def register_creds(target_host, access_type)
    # Build service information
    service_data = {
      address: target_host,
      port: datastore['RPORT'],
      service_name: 'ftp',
      protocol: 'tcp',
      workspace_id: myworkspace_id
    }

    # Build credential information
    credential_data = {
      origin_type: :service,
      module_fullname: self.fullname,
      private_data: datastore['FTPPASS'],
      private_type: :password,
      username: datastore['FTPUSER'],
      workspace_id: myworkspace_id
    }

    credential_data.merge!(service_data)
    credential_core = create_credential(credential_data)

    # Assemble the options hash for creating the Metasploit::Credential::Login object
    login_data = {
      access_level: access_type,
      core: credential_core,
      last_attempted_at: DateTime.now,
      status: Metasploit::Model::Login::Status::SUCCESSFUL,
      workspace_id: myworkspace_id
    }

    login_data.merge!(service_data)
    create_credential_login(login_data)
  end
end

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

16 Feb 2022 23:22Current
7.1High risk
Vulners AI Score7.1
39