hacktricks/network-services-pentesting/pentesting-ftp/ftp-bounce-download-2oftp-file.md
Carlos Polop 495183ab52 a
2024-08-04 17:08:37 +02:00

4.6 KiB

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

Instantly available setup for vulnerability assessment & penetration testing. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun.

{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %}

Resume

If you have access to a bounce FTP server, you can make it request files of other FTP server where you know some credentials and download that file to your own server.

Requirements

  • FTP valid credentials in the FTP Middle server
  • FTP valid credentials in Victim FTP server
  • Both server accepts the PORT command bounce FTP attack
  • You can write inside some directory of the FRP Middle server
  • The middle server will have more access inside the Victim FTP Server than you for some reason this is what you are going to exploit

Steps

  1. Connect to your own FTP server and make the connection passive pasv command to make it listen in a directory where the victim service will send the file
  2. Make the file that is going to send the FTP Middle server t the Victim server the exploit. This file will be a plaint text of the needed commands to authenticate against the Victim server, change the directory and download a file to your own server.
  3. Connect to the FTP Middle Server and upload de previous file
  4. Make the FTP Middle server establish a connection with the victim server and send the exploit file
  5. Capture the file in your own FTP server
  6. Delete the exploit file from the FTP Middle server

For a more detailed information check the post: http://www.ouah.org/ftpbounce.html

Instantly available setup for vulnerability assessment & penetration testing. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun.

{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %}

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}