Anonymous FTPAdvanced Penetration Testing Course

Begin Learning Cyber Security for FREE Now!

Already a Member Login Here

Tagged: , ,

This topic contains 22 replies, has 7 voices, and was last updated by  I.X.L 3 years, 6 months ago.

Viewing 20 posts - 1 through 20 (of 23 total)
  • Author
  • #19069

    Two Wolves

    What all can you do when you find an anon FTP? Just use it as a dropbox for files, or is it possible to upload backdoor code and execute it? I am in Exploitation Part 1 of Advanced Pen Testing, and uploading backdoor PHP code is pretty cool. Can you do anything like that with an FTP server?



    1st find out what FTP server and version is running. Take a look at using nmap for this:

    You can use nmap to scan for the open ports and the versions of the services running on those ports. After that you can use Metasploit in Kali to find any exploits related to FTP service you find.

    You can also take that information and search for potential exploits on sites such as

    I hope that helps.


    Johan Grotherus

    As for nmap, also check out the scripts that come with nmap that can check for certain ftp vulnerabilities. You can find a list of all nmap scripts at



    Johan, thanks so much for that link.i hadn’t come across that yet with nmap, still a n00b. But from what ive learned regarding nmap so far in my lan these scripts look like serious effiencies for target recon



    For a bit more context surrounding johan’s recommendation check out the high level overview first.


    The Son of a Widow

    What directory are you allowed to upload to? Is there an HTTP Web Server running on the box? What’s stopping you from uploading a Web Shell and browsing to the file? Sure nmap and service related vulnerabilities are something you want to use and check for, but if you’re allowed to upload to a web server somewhere, you can absolutely get a shell in most cases. If they were dull enough to allow Anonymous FTP access, wonder what else they were dull enough to do.


    Two Wolves


    That’s more what I was referring to. Yes, lets suppose its a Web Server and they happen to have an anon FTP running as well. What modules could I use in metasploit to upload to the file server? Something similar to the PHP Simple Backdoor Georgia used in Exploitation?



    some times if the FTP is not configured correctly you and traverse to other directories that will allow you to gather useful data.


    The Son of a Widow

    Yes Two Wolves.

    However if you don’t have permission to attack the web server in the first place, you shouldn’t be playing around.



    Thanks gentlemen. You all just taught me something. I need to dig much deeper.


    Two Wolves

    David, that goes without saying. I am working out of VM’s, and have a filezilla server operating on XP. Just wondering what the proper method would be to upload something malicious and leverage it, as nothing I’ve tried yet has worked.



    most of the topic in advance penetration is not on a video file, can any recommendation be made on that.



    Can you leverage netcat in this scenario to get a reverse shell?


    Two Wolves

    I don’t think so, not without code execution. You would have to upload a file with a malicious payload and wait for a user on the FTP server to access it, or (speculation) upload a backdoor like the PHP backdoor shown in the videos and execute code that way. That’s what I want more explanation on, if anybody could provide it.

    How would you upload something to begin executing code or gain a backdoor? Is it heavily dependent on the FTP software/version in play, or is there something that will work on any FTP server if the anonymous account has write privileges?



    I’m sure I came across this scenario in my travels. I’ll dig deeper into this. I’ll need to set this scenario up in my lab and try a few things. I’ll get back to you.



    @twowolves – what is the webserver? IIS / Apache? Did you fingerprint the OS?



    @twowolves – you have write permisions? I assume you do if you are placing a file on the server



    @cisp – So to be a n00b and not l33t would you mind sharing a techniques to get the shell or reverse shell. I’m looking into it but gotta stop for a bit.

    I’m not trying to get out of my due dilligence research. I’m just a n00b looking for a tip so that I can work backwards from the exploit to the understanding the pieces and why it worked and how.



    @twowolves – I gotta bounce for a while. I’ll let you know what I find when I jump back in tomorrow. I feel like I should know this and the answer is probably very straight forward.

    You’re target environment from my understanding is: Filezilla server operating on XP

    If anyone else has a solution for this please post it or post the resources to get to it 😉



    I’ll take a look at the Metasploit modules and see what i find.

Viewing 20 posts - 1 through 20 (of 23 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?