mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 04:33:28 +00:00
GitBook: [master] 4 pages modified
This commit is contained in:
parent
9d73005b51
commit
a5c0d16ec8
2 changed files with 3 additions and 7 deletions
|
@ -2,8 +2,6 @@
|
||||||
|
|
||||||
{% embed url="https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/\#python-tty-shell-trick" %}
|
{% embed url="https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/\#python-tty-shell-trick" %}
|
||||||
|
|
||||||
{% embed url="https://rmusser.net/docs/Privilege%20Escalation%20&%20Post-Exploitation.html" %}
|
|
||||||
|
|
||||||
{% embed url="https://hausec.com/pentesting-cheatsheet/\#\_Toc475368982" %}
|
{% embed url="https://hausec.com/pentesting-cheatsheet/\#\_Toc475368982" %}
|
||||||
|
|
||||||
{% embed url="https://anhtai.me/pentesting-cheatsheet/" %}
|
{% embed url="https://anhtai.me/pentesting-cheatsheet/" %}
|
||||||
|
@ -16,8 +14,6 @@
|
||||||
|
|
||||||
{% embed url="https://chryzsh.gitbooks.io/pentestbook/basics\_of\_windows.html" %}
|
{% embed url="https://chryzsh.gitbooks.io/pentestbook/basics\_of\_windows.html" %}
|
||||||
|
|
||||||
{% embed url="http://www.0daysecurity.com/penetration-testing/enumeration.html" %}
|
|
||||||
|
|
||||||
{% embed url="https://github.com/wwong99/pentest-notes/blob/master/oscp\_resources/OSCP-Survival-Guide.md" %}
|
{% embed url="https://github.com/wwong99/pentest-notes/blob/master/oscp\_resources/OSCP-Survival-Guide.md" %}
|
||||||
|
|
||||||
{% embed url="https://anhtai.me/oscp-fun-guide/" %}
|
{% embed url="https://anhtai.me/oscp-fun-guide/" %}
|
||||||
|
|
|
@ -82,7 +82,7 @@ Source: [https://www.thesecuritybuddy.com/vulnerabilities/what-is-ftp-bounce-att
|
||||||
### Anonymous login
|
### Anonymous login
|
||||||
|
|
||||||
_anonymous : anonymous
|
_anonymous : anonymous
|
||||||
anonymous :
|
anonymous :
|
||||||
ftp : ftp_
|
ftp : ftp_
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
@ -110,7 +110,7 @@ Anon login and bounce FTP checks are perform by default by nmap with **-sC** opt
|
||||||
|
|
||||||
## Browser connection
|
## Browser connection
|
||||||
|
|
||||||
You can connect to a FTP server using a browser \(like Firefox\) using a URL like:
|
You can connect to a FTP server using a browser \(like Firefox\) using a URL like:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
ftp://anonymous:anonymous@10.10.10.98
|
ftp://anonymous:anonymous@10.10.10.98
|
||||||
|
@ -149,7 +149,7 @@ Some FTP servers allow the command PORT. This command can be used to indicate to
|
||||||
|
|
||||||
[**Learn here how to abuse a FTP server to scan ports.**](ftp-bounce-attack.md)\*\*\*\*
|
[**Learn here how to abuse a FTP server to scan ports.**](ftp-bounce-attack.md)\*\*\*\*
|
||||||
|
|
||||||
You could also abuse this behaviour to make a FTP server interact with other protocols. You could **upload a file containing an HTTP request** and make the vulnerable FTP server **send it to an arbitrary HTTP server** \(_maybe to add a new admin user?_\) or even upload a FTP request and make the vulnerable FTP server download a file for a different FTP server.
|
You could also abuse this behaviour to make a FTP server interact with other protocols. You could **upload a file containing an HTTP request** and make the vulnerable FTP server **send it to an arbitrary HTTP server** \(_maybe to add a new admin user?_\) or even upload a FTP request and make the vulnerable FTP server download a file for a different FTP server.
|
||||||
The theory is easy:
|
The theory is easy:
|
||||||
|
|
||||||
1. **Upload the request \(inside a text file\) to the vulnerable server.** Remember that if you want to talk with another HTTP or FTP server you need to change lines with `0x0d 0x0a`
|
1. **Upload the request \(inside a text file\) to the vulnerable server.** Remember that if you want to talk with another HTTP or FTP server you need to change lines with `0x0d 0x0a`
|
||||||
|
|
Loading…
Reference in a new issue