Search the Community

I have done this before but it has been forever and I can't find how I used to do it. Using nmap, I have a list of ip addresses I want to scan on only port 21. My breakdown would be to tell nmap to check a txt file for the ip's and then scan each one for accessible ports on port 21 and return a list of those ports. In case there is a better way than I have stated here is more info on what I am doing. I used an old spider I wrote years ago to locate ftp's that are open (no user/pass) and it made me a txt file of the ones it found. Used to this list would mean I only had to ftp in and I was ok. But now for some reason the list it returned of ip's will only let me ftp into maybe 1 out of every 4 or 5. This spider I wrote back in 99 or 2000 so things have changed somewhere. I have not needed to do this for that long so it has been sitting. Now I have a need to locate open/unsecured ftps and have spent the day trying to find a better way between taking calls so I am finally asking for help! Thanks

At first: Sorry for my bad English, I´m german and only 14 years old. I upload an .exe file from my computer to my FTP Server with the FTP.exe(cmd). Before I did that it was working just fine. But after I downloaded it, it comes up with the following error: "The file is not compatible with your computer." Before that, it came up with another error, something like "not compatible with a 64 Bit System. I accidently asked the question on StackOverflow 2 hours ago, and some people answered that I have to active binary mode. When I do that with the "binary" command, I get an answer that the activation was successful, but it isn´t working anyways. The .exe looks identical after download, but instead of having the old icon it shows up the standard .exe icon. I do not want to use another FTP program like FileZilla or ncftp (I tried it with FileZilla, it isn´t working either, so I don´t think, that FTP.exe is the problem here. The commands I used + Output(maybe the translation isn´t correct, but I think you know what the output meant): C:\WINDOWS\system32>ftp myftpserver.com Connection to icarus.bplaced.net established. 220 Welcome to myftpserver.com, FTP server standing by ... 504 Unknown command User (myftpserver.com:(none)): user 331 Hello user, your FTP account password is required: password: password 230-Login successful, your current directory is / 230 34349 Kbytes used (3%) - authorized: 1048576 Kb ftp> binary 200 TYPE is now 8-bit binary ftp> get example.exe 200 PORT command successful 150-Connecting to port 61051 150 347.5 kbytes to download 226-File successfully transferred 226 1.648 seconds (measured here), 210.83 Kbytes per second FTP: 355794 bytes received in 1.91 seconds 186.38KB/s ftp> Thanks and greetings, c0ntriX Edit: I´m owning a 64-Bit System.

I wanted to make a Rubber Ducky Script that uploads or downloads from my FTP Server. I came up with these commands: For downloading: ftp -i ftpserver.com *typing in username and pass* get file.exe (yes the files is in the root folder) The login worked fine. On my first FTP Server, I got the Error message " Error 500 Unable to service PORT commands" . After some research, I found out, that the ftp.exe does not support passive mode (no, the pasv command didn´t work). For whatever reason, i tried it on my other servers. So I´m typing everything in again, and then I get the message "200 Port command successful" and a few seconds after that "425 Could not open data connection to port 65086: Connection timed out" (no, the server wasn´t down). For uploading I used these commands: ftp -i ftpserver.com *typing in username and pass* lcd C:\Users\myname\Desktop put myfile.exe With this commands i get the same error as on Server 1 and 2. Can anyone help me? contrix_ ;)

I liked the USB Exfiltrator so much I wanted to try and make one that was able to grab everything and dump it to a FTP site. This way if there are large/many documents it wouldn't fill up the BashBunny. Script is pretty simple, it executes a PowerShell script that clears the run history and then starts uploading the users documents directory. It will keep PowerShell running in the background so if there are a lot of files or large files go ahead on unplug the BB once the status light is green, it will just keep going. Still new to this and know there will be some bug or errors so welcome any feedback. https://github.com/nutt318/bashbunny-payloads/tree/master/payloads/library/ftp_exfiltrator

Video Instructions replace Ftp info in script with your own and then put ProcDump files in your ftp home directory. Ps: Tweak the delays and you may end up with exactly a 10 sec pass grab in my case it ended up 12 to 13 seconds due to longer delay before ALT y also to make it even faster remove some of the script that just cleans up the files afterwards it un-necessary. ---------------------------------------------------------------------------------------------------------------- Please note windows 10 pin 4 digit # passwords won't be picked up and sometimes regular ones wont either but every OS below 10 is fine. Get ProcDump here: " https://technet.microsoft.com/en-us/sysinternals/dd996900.aspx " Get Ducky Script here: " https://drive.google.com/open?id=0B3crm3FU22teNnBjblduSlhxcTA "

so i found ftp server which have anonymous login and it have a banner that says 220 Microsoft FTP Service User (xxxxxxxxxxxxxx.xxx:(none)): and the anonymous LOGIN user is ftp but if you try to update anything its says ftp> mkdir bd 550 bd: Access is denied. ftp> so is there any thing that can edit or enables and give su to ftp server.

For some reason my vsftpd.conf file allows the system users, added using useradd and groupadd commands to browse other directories - even though I set the jailed option. Can anyone figure out what I did wrong in vsftpconf. I want clients to RW and browse just one directory! Its like vsftp auto logs into the root directory. Here’s how it looks: listen=YES anonymous_enable=NO local_enable=YES write_enable=YES #local_umask=022 use_localtime=YES xferlog_enable=YES chroot_local_user=YES secure_chroot_dir=/var/run/vsftpd/empty pam_service_name=vsftpd rsa_cert_file=/etc/ssl/private/vsftpd.pem

Hi Folks, I wanted to share a new script I developed that shows a proof of concept for a rubber ducky and Windows Credential Editor (WCE) script that would would do the following: 1.) Disable Antivirus for 15 minutes which is default. (This must be done to avoid signiture detection of WCE executable) 2.) FTP to attacker machine on the network, downloading the 32-bit & 64-bit version of WCE 3.) Script then executes both versions, sending the output to a text file with the computer name as the variable of the file name. Note: One executable will fail (64 or 32 bit), but it will not write to the output file. 4.) Script will then upload the file containing cleartext passwords for users logged in based on LSASS memory 5.) The script will then remove all WCE executables as well the cleartext password file created before the antivirus program automatically start. Then closes all appropriate windows The video demo can be found at: http://youtu.be/IqUci4buvvM Below is a copy of the script. Note: This is a proof of concept and will need to be tweaked per environment and penetration testing engagement. ---------------------------------------------------------------------------------------------------------------------------------------------- code below: ------------------------------------------------------------------------------------------------------------------------