Posted: Fri May 20, 2022 10:28 am
Using Metasploit to Enumerate Anonymous FTP Servers and
some...
In this lab, we're going to take our Metasploit knowledge to the
next level for the purpose of reconnaissance. FTP servers that
allow anonymous access, whether read-only or with write access, can
be an attacker's dream since FTP servers are generally available to
hosts outside of an organization's network.
Step 1: To save your terminal output to a file for this lab
activity, type the following command in the terminal. At the end of
the lab activity, type Control-D to terminate this command.
Step 2: Verify that Kali and Metasploitable 2 are running.
Step 3: Use the information you learned in the first lab
activity to use the following module in Metasploit.
Step 4: In a real scenario, you would set the RHOSTS variable to
the network range of choice. For this lab, set RHOSTS to the IP
address of the Metasploitable 2 VM.
Step 5: Observe your results. Does the FTP server accept
anonymous logins? When we get to the exploit section of this class,
we will explore exploiting FTP server vulnerabilities.
Step 6: Let's try another scan to enumerate as many accounts as
possible. Use the following module in Metasploit.
Step 7: Run show options on this module and review the variables.
This module has more options that can be set. Quite a few of the
variables are not required; however, if you don't set them, this
scan won't be very effective. For this lab activity, we are
limiting the scope to enumerating users only. There are other, more
efficient ways to do this, but let's examine using a wordlist to
enumerate which users exist for the FTP server on port 21 (there
are 2 FTP daemons running on this host).
Step 8: For demonstration purposes, we will create our own
username list; however, you can search for and download much larger
lists. Save them in the /usr/share/wordlists/metasploit
subdirectory. Type the following commands to create a small
username list.
Step 9: Next, set the following variables: RHOSTS, RPORT,
USER_AS_PASS and USER_FILE. When USER_AS_PASS is set to TRUE, the
module attempts to log in as each user with the username as the
password.
Step 10: Issue the run command to view any matches. Did you find
a match? You should have found one match.
Step 11: Turn in Lab Activity
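What the two scans in this lab look like from the FTP server's side, as an added example that is not part of the original lab: a small detector that flags anonymous logins and wordlist-style username sweeps in an FTP login log. The log format (modelled on vsftpd's), the sample lines, the function names and the thresholds are all assumptions; passwords are not logged, so a username-as-password hit only shows up as a success that follows a sweep.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the style of vsftpd's log (not captured from a real host).
SAMPLE_LOG = """\
Fri May 20 10:28:01 2022 [pid 2101] [ftp] OK LOGIN: Client "192.0.2.10", anon password "mozilla@example.com"
Fri May 20 10:29:10 2022 [pid 2110] [admin] FAIL LOGIN: Client "192.0.2.10"
Fri May 20 10:29:11 2022 [pid 2111] [root] FAIL LOGIN: Client "192.0.2.10"
Fri May 20 10:29:12 2022 [pid 2112] [backup] FAIL LOGIN: Client "192.0.2.10"
Fri May 20 10:29:13 2022 [pid 2113] [svc] OK LOGIN: Client "192.0.2.10"
Fri May 20 11:02:40 2022 [pid 2200] [alice] FAIL LOGIN: Client "198.51.100.7"
Fri May 20 11:03:05 2022 [pid 2201] [alice] OK LOGIN: Client "198.51.100.7"
"""

LINE = re.compile(r'^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \[pid \d+\] '
                  r'\[(?P<user>[^\]]+)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')
ANON_USERS = {"ftp", "anonymous"}  # account names that mean an anonymous session

def parse(text):
    """Yield (timestamp, client_ip, username, success) for each login line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, m["ip"], m["user"], m["result"] == "OK"

def detect(text, min_users=3, window=timedelta(minutes=5)):
    """Return findings as (kind, client_ip, username-or-None) tuples."""
    findings = []
    failures = defaultdict(list)  # ip -> [(time, user)] of recent failed logins
    for ts, ip, user, ok in parse(text):
        if ok and user.lower() in ANON_USERS:
            findings.append(("anonymous_login", ip, user))
            continue
        recent = [(t, u) for t, u in failures[ip] if ts - t <= window]
        tried = {u for _, u in recent}
        if not ok:
            recent.append((ts, user))
            # Fire once, when the distinct-username count first reaches the threshold.
            if len(tried) < min_users <= len(tried | {user}):
                findings.append(("username_sweep", ip, None))
        elif len(tried - {user}) >= min_users:
            # A success right after many other names failed: a guessed credential.
            findings.append(("login_after_sweep", ip, user))
        failures[ip] = recent
    return findings
```

A user who mistypes a password once and then logs in, like the constructed "alice" lines, produces no finding because only one distinct username failed from that address.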