1
00:00:00,630 --> 00:00:09,360
‫Now, as you probably already know, file transfer protocol, or FTP, is used for the transfer of files

2
00:00:09,360 --> 00:00:12,450
‫between a client and a server using Port 21.

3
00:00:14,960 --> 00:00:19,730
‫Poorly configured FTP servers can be a good foothold.

4
00:00:20,970 --> 00:00:29,040
‫So you can run some MSF modules to enumerate FTP servers and gain some important information, such

5
00:00:29,040 --> 00:00:31,380
‫as software version, banner info and all that.

6
00:00:33,110 --> 00:00:34,340
Aside from that,

7
00:00:35,430 --> 00:00:40,950
FTP servers authenticate users with a cleartext sign-in mechanism.

8
00:00:41,960 --> 00:00:46,280
‫Moreover, it can sometimes allow anonymous login.

9
00:00:47,880 --> 00:00:50,700
‫So why don't we enumerate an FTP service?

10
00:00:51,870 --> 00:00:56,220
‫So let's have a look and see which hosts have FTP services.

11
00:00:57,630 --> 00:00:59,280
‫All right, so both of them have.

12
00:01:00,590 --> 00:01:09,830
But sometimes administrators use different ports for the services, so let's try a search with the -S

13
00:01:09,860 --> 00:01:10,460
‫parameter.

14
00:01:11,120 --> 00:01:17,840
And just like that, you can find all the FTP servers that the db_nmap command discovered.

15
00:01:19,580 --> 00:01:24,560
And yes, as you see here, there's an active service running on 2121.

16
00:01:25,640 --> 00:01:29,810
‫And then you'll get this list if you search for FTP auxiliaries.

17
00:01:31,320 --> 00:01:33,090
‫And I'll just use these ones here.

18
00:01:35,270 --> 00:01:44,660
Use auxiliary/scanner/ftp/ftp_version module, show options.

19
00:01:45,770 --> 00:01:46,640
I think it's set.

20
00:01:47,800 --> 00:01:49,300
‫So let's run the module.

21
00:01:50,430 --> 00:01:52,020
‫And as a result.

22
00:01:53,940 --> 00:01:57,570
Now, you can do the same process for every FTP port.

23
00:01:58,780 --> 00:02:06,850
‫But here's an important point, if you get the version, look for vulnerabilities on the Internet or

24
00:02:06,850 --> 00:02:07,540
‫somewhere else.

25
00:02:08,570 --> 00:02:15,080
‫So what I'll do is I'll copy and then search Google or whatever your favorite search engine is.

26
00:02:17,170 --> 00:02:24,280
And you see this FTP has a vulnerability for this particular version and even Metasploit has a module

27
00:02:24,280 --> 00:02:24,670
‫for this.

28
00:02:25,900 --> 00:02:28,750
‫So make a note of that, because you will use it later.

29
00:02:29,380 --> 00:02:36,460
‫Oh, and by the way, this is a lab environment, remember, but the logic is 100 percent the same as

30
00:02:36,460 --> 00:02:38,320
‫in any real penetration testing.

31
00:02:40,110 --> 00:02:41,550
‫So I'll use another module.

32
00:02:43,480 --> 00:02:44,610
‫FTP.

33
00:02:44,980 --> 00:02:45,700
‫Log in.

34
00:02:47,370 --> 00:02:51,840
‫Showing options and here are the final variables.

35
00:02:53,280 --> 00:02:55,770
‫So I'm going to allow blank passwords.

36
00:02:56,870 --> 00:02:59,300
‫And username as password.

37
00:03:01,260 --> 00:03:07,200
And here I'll set USERPASS_FILE to my FTP dictionary file.

38
00:03:08,350 --> 00:03:13,270
I'll create this list from the same address that I did for MySQL.

39
00:03:14,400 --> 00:03:15,030
‫All right.

40
00:03:16,390 --> 00:03:17,230
‫Run the module.

41
00:03:19,450 --> 00:03:24,160
And I think you'll probably find one there, so make a note of that too.

42
00:03:26,710 --> 00:03:28,150
‫Now, one more module.

43
00:03:29,370 --> 00:03:33,690
‫Some FTP modules allow for anonymous logins.

44
00:03:34,470 --> 00:03:40,800
‫So when you perform a vulnerability scan, you probably are going to get this finding.

45
00:03:41,750 --> 00:03:48,710
But you can quickly check to see if any of the discovered FTP services allow this.

46
00:03:49,220 --> 00:03:51,590
‫That's why this module is so handy.

47
00:03:52,590 --> 00:03:53,520
Show options.

48
00:03:54,900 --> 00:03:59,220
‫OK, so I'll need to configure nothing, so I'll just run the module.

49
00:04:00,590 --> 00:04:06,650
And the result comes up pretty quickly, so, yeah, you can connect this FTP service on Metasploitable

50
00:04:06,650 --> 00:04:08,540
2 anonymously.

51
00:04:09,900 --> 00:04:15,140
‫So now that we got the hang of that, let's enumerate some other services.

