Nmap and Metasploit also allows to check FTP version. Metasploit also allow to check connection with anonymous account so if you have a big list of FTP servers you do not need to do manually one by one: 1 host: 192.168.1.10 login: anonymous password: anonymousġ of 1 target successfully completed, 3 valid passwords found Hydra -C /usr/share/seclist/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt You can automate this process using the ready list from the SecList package (in Kali Linux you can simple install it using command apt -y install seclists) and tool THC-Hydra. You can also try to check the standard ftp passwords and logins eg. Try to log in with an anonymous account and an empty password. | ftp-anon: Anonymous FTP login allowed (FTP code 230) This is why at the end of this article I will give you some tips how to protect your FTP server for attacks described below. All this to get connected to the server and gain access to secret data… nah, it is all to learn how to test FTP server security and be able to properly secure it. A small reconnaissance with possible attack types. Here you can find a few steps for FTP penetration testing.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |