Nmap Development mailing list archives

Re: simulating FTP bounce attack using nmap


From: majek04 <majek04+nmap-dev () gmail com>
Date: Fri, 31 Aug 2007 13:47:43 +0200

On 8/31/07, Mbzaman L <query.security () gmail com> wrote:
Greetings All,

    I am trying to simulate the old FTP bounce attack. This is an old attack
    and I believe most of the FTP servers available today are not prone to
    such type of attacks.
    I am using the vsftpd package for implementing the FTP server. Also, using
    the anonymous user I can upload files to the FTP server. The FTP server
    also supports passive mode, as the following commands show...

Well, unfortunately anonymous user + PASV + upload is not enough for
an FTP server to allow FTP bounce.

The server must allow the "PORT" command with an IP different from yours.

You can look at my NSE script for finding ftp bounce servers:
http://ai.pjwstk.edu.pl/~majek/private/nmap/ftpbounce.lua

In my script the key ftp command is (ip specified below is scanme.insecure.org):
PORT 205,217,153,62,80,80\r\n

Cheers!
Marek Majkowski
