Information gathering: nmap scan
Samba enumeration
nmap -p 445 --script=smb-enum-shares.nse,smb-enum-users.nse target
Connect over SMB
Recursively download the files (no username or password needed):
smbget -R smb://<ip>/anonymous
Port 111
This is just a server that converts remote procedure call (RPC) program numbers into universal addresses. When an RPC service is started, it tells rpcbind the address at which it is listening and the RPC program number it is prepared to serve.
In this scenario, port 111 gives access to a network file system (NFS); scan it with the nmap scripts:
nmap -p 111 --script=nfs-ls,nfs-statfs,nfs-showmount target
ProFTPD attack
Related link: http://www.proftpd.org/docs/contrib/mod_copy.html
The mod_copy module implements SITE CPFR and SITE CPTO commands, which can be used to copy files/directories from one place to another on the server. Any unauthenticated client can leverage these commands to copy files from any part of the filesystem to a chosen destination.
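Detection side of the mod_copy behaviour described above, as an added example that is not part of the original notes: it scans FTP command logs for SITE CPFR / SITE CPTO pairs issued by a session that never logged in. The log layout (a ProFTPD ExtendedLog written with LogFormat "%h %l %u %t \"%r\" %s", where %u is "-" before login), the sample lines and the function name are assumptions made for the example.

```python
import re

# Assumed ExtendedLog layout (constructed): LogFormat "%h %l %u %t \"%r\" %s"
# %u is taken to be "-" while the session has not logged in.
LINE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<cmd>[^"]*)" (?P<code>\d{3})'
)
SITE_COPY = re.compile(r'^SITE\s+(CPFR|CPTO)\s+(.+)$', re.IGNORECASE)

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 UNKNOWN - [01/Jan/2024:10:00:01 +0000] "SITE CPFR /srv/data/report.txt" 350',
    '192.0.2.10 UNKNOWN - [01/Jan/2024:10:00:02 +0000] "SITE CPTO /srv/share/report.txt" 250',
    '192.0.2.20 UNKNOWN alice [01/Jan/2024:10:05:00 +0000] "SITE CPFR /home/alice/a.txt" 350',
    '192.0.2.20 UNKNOWN alice [01/Jan/2024:10:05:01 +0000] "SITE CPTO /home/alice/b.txt" 250',
    '192.0.2.30 UNKNOWN - [01/Jan/2024:10:06:00 +0000] "USER anonymous" 331',
]

def find_unauthenticated_copies(lines):
    """Return one finding per CPFR -> CPTO pair issued without a login."""
    pending = {}   # client host -> (timestamp, source path) of an accepted CPFR
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # line does not follow the assumed layout
        site = SITE_COPY.match(m["cmd"])
        if not site or m["user"] != "-":
            continue  # not a mod_copy command, or the user was authenticated
        verb, path = site.group(1).upper(), site.group(2).strip()
        host, code = m["host"], m["code"]
        if verb == "CPFR" and code == "350":      # 350: source accepted
            pending[host] = (m["ts"], path)
        elif verb == "CPTO" and host in pending:
            ts, src = pending.pop(host)
            findings.append({
                "host": host, "time": ts, "source": src, "dest": path,
                "copied": code == "250",          # 250: copy completed
            })
    return findings

if __name__ == "__main__":
    for finding in find_unauthenticated_copies(SAMPLE_LOG):
        print(finding)
```

Pairing is done per client host for brevity; with several concurrent sessions from one address, add a session identifier to the log format and key on that instead.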