diff --git a/network-services-pentesting/pentesting-ftp/README.md b/network-services-pentesting/pentesting-ftp/README.md index 96dca9e1a..fa72388a3 100644 --- a/network-services-pentesting/pentesting-ftp/README.md +++ b/network-services-pentesting/pentesting-ftp/README.md @@ -133,25 +133,6 @@ Anon login and bounce FTP checks are perform by default by nmap with **-sC** opt nmap --script ftp-* -p 21 ``` -### Post-Exploitation - -The default configuration of vsFTPd can be found in `/etc/vsftpd.conf`. In here, you could find some dangerous settings: - -* `anonymous_enable=YES` -* `anon_upload_enable=YES` -* `anon_mkdir_write_enable=YES` -* `anon_root=/home/username/ftp` - Directory for anonymous. -* `chown_uploads=YES` - Change ownership of anonymously uploaded files -* `chown_username=username` - User who is given ownership of anonymously uploaded files -* `local_enable=YES` - Enable local users to login -* `no_anon_password=YES` - Do not ask anonymous for password -* `write_enable=YES` - Allow commands: STOR, DELE, RNFR, RNTO, MKD, RMD, APPE, and SITE - -### Shodan - -* `ftp` -* `port:21` - ## Browser connection You can connect to a FTP server using a browser (like Firefox) using a URL like: 
@@ -226,8 +207,28 @@ Anyway, here you have an [old example about how to abuse this to make a FTP serv ftpusers ftp.conf proftpd.conf +vsftpd.conf ``` +### Post-Exploitation + +The default configuration of vsFTPd can be found in `/etc/vsftpd.conf`. In here, you could find some dangerous settings: + +* `anonymous_enable=YES` +* `anon_upload_enable=YES` +* `anon_mkdir_write_enable=YES` +* `anon_root=/home/username/ftp` - Directory for anonymous. +* `chown_uploads=YES` - Change ownership of anonymously uploaded files +* `chown_username=username` - User who is given ownership of anonymously uploaded files +* `local_enable=YES` - Enable local users to login +* `no_anon_password=YES` - Do not ask anonymous for password +* `write_enable=YES` - Allow commands: STOR, DELE, RNFR, RNTO, MKD, RMD, APPE, and SITE + +### Shodan + +* `ftp` +* `port:21` + ## HackTricks Automatic Commands ```
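Review bot: The `### Shodan` block removed in the first hunk (`@@ -133,25 +133,6 @@`) is a discovery aid that sat directly after the nmap enumeration commands, and the second hunk re-adds it after `### Post-Exploitation`, below the config file list. Suggest moving only the Post-Exploitation section and leaving `### Shodan` in its original place, so the search queries stay with the enumeration material.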
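Review bot: In the second hunk (`@@ -226,8 +207,28 @@`), the first three added bullets (`anonymous_enable=YES`, `anon_upload_enable=YES`, `anon_mkdir_write_enable=YES`) have no description, while the six that follow each have one. Since the paragraph introduces the list as "dangerous settings", give those three a short description in the same `- ...` style, and drop the trailing period on the `anon_root` line so the bullets are consistent. "In here, you could find" would also read better as "Here you can find".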