Full Disclosure mailing list archives
[ TOOL ] winftprecon - Windows FTP SITE STATS poller for enumeration purposes
From: "tom () ashrae be" <tom () ashrae be>
Date: Mon, 13 Jul 2009 14:47:53 +0200
winftprecon is a tool to poll a Windows FTP service for the output of the SITE STATS command. The SITE STATS command gives out statistics on the FTP service which can be used for simple statistics purposes but also for remote enumeration of the FTP service for attack and penetration purposes.

For example, when were uploads/downloads performed? When do most users log on to the service, e.g. when would it hurt the target to perform a DoS attack? Do the IP ID values of the target increment and does this correspond with major file uploads or downloads? Can you hijack or break the high ports of the host while these transfers are in progress?

The advantages of having this kind of information have been demonstrated during several talks emphasizing the importance of enumeration and fingerprinting of a remote target. One of them being the "Tactical Exploitation Talk" at Defcon two years ago: http://www.metasploit.org/data/confs/blackhat2007/tactical_blackhat2007.pdf (slide 34 gives an example of what can be extracted and visualized with winftprecon)

In general, the output of the SITE STATS command, if supported and enabled, consists of a list of FTP commands that were issued towards the FTP service and how many times, in the form of a number.

The information is automatically saved in CSV format or a sqlite3 database as a dataset for statistics and enumeration of the FTP service to obtain valuable information towards attack/assessment planning.

Downloadable at http://www.ashrae.be/tom/tools/winftprecon0.9.tgz or PacketStorm Security
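Seen from the server side, the repeated polling described in the post leaves a trail of SITE STATS requests in the FTP service's own log. The Python below is an added example, not part of the original post or of winftprecon; the W3C-style field layout, the `[n]` prefix, the sample lines and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines. Assumption: a W3C-style log with these fields;
# the real field set depends on the server's logging configuration.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2009-07-13 10:00:02 192.0.2.10 [1]PASS - 230
2009-07-13 10:00:03 192.0.2.10 [1]SITE STATS 200
2009-07-13 10:05:03 192.0.2.10 [2]SITE STATS 200
2009-07-13 10:10:04 192.0.2.10 [3]site stats 200
2009-07-13 10:11:00 198.51.100.7 [4]RETR /pub/readme.txt 226
2009-07-13 10:12:00 198.51.100.7 [4]SITE STATS 200
"""
SESSION_PREFIX = re.compile(r"^\[\d+\]")  # optional [n] prefix (assumed format)

def parse(log_text):
    """Yield (timestamp, client_ip, verb, argument) for each log entry."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue  # other directives, blank or malformed lines
        row = dict(zip(fields, parts))
        ts = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
        verb = SESSION_PREFIX.sub("", row["cs-method"]).upper()
        yield ts, row["c-ip"], verb, row["cs-uri-stem"].upper()

def find_pollers(log_text, min_hits=3, window=timedelta(minutes=15)):
    """Return {client_ip: most SITE STATS requests seen within one window}."""
    seen = defaultdict(list)
    for ts, ip, verb, arg in parse(log_text):
        if verb == "SITE" and arg == "STATS":
            seen[ip].append(ts)
    flagged = {}
    for ip, stamps in seen.items():
        stamps.sort()
        best = start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= min_hits:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    print(find_pollers(SAMPLE_LOG))
```

A client that asks for the statistics once is unremarkable; the sliding window is what separates that from a poller collecting a time series.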