Re: Nmap NSE ftp-anon

[Abuse007 <abuse007 () gmail com>]

Review the source of the script. Is it meant to dump the directory listing or just report anonymous access is possible? 
(I haven't checked myself)

On 05/11/2010, at 12:50 AM, "Doyle, Jason (10090)" <jason.doyle () protiviti com> wrote:

> Hello,
>
> I was curious to see if anyone has been able to get Nmap's ftp-anon.nse script to actually list the content on an 
> accessible ftp server. I've tried various ftp server versions and, although the script detects anonymous access, it 
> won't list the contents.
>
> http://nmap.org/nsedoc/scripts/ftp-anon.html
>
> Here's the Nmap syntax I've tried:
>
> root@bt:/scripts# nmap -sV -sC -p21 192.168.0.1
>
> Starting Nmap 5.35DC1 ( http://nmap.org ) at 2010-10-26 15:02 EDT
> Nmap scan report for 192.168.0.1
> Host is up (0.00091s latency).
> PORT   STATE SERVICE VERSION
> 21/tcp open  ftp     FileZilla ftpd 0.9.36 beta
> |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
> |_ftp-bounce: bounce working!
> MAC Address: 00:0C:29:99:74:11 (VMware)
> Service Info: OS: Windows
>
> root@bt:/scripts# nmap --script=ftp-anon -p21 192.168.0.1
>
> Starting Nmap 5.35DC1 ( http://nmap.org ) at 2010-10-26 15:03 EDT
> Nmap scan report for 192.168.0.1
> Host is up (0.00032s latency).
> PORT   STATE SERVICE
> 21/tcp open  ftp
> |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
> MAC Address: 00:0C:29:99:74:11 (VMware)
>
>
> The tested FTP server does contain content. Any thoughts?
>
> Thanks,
>
> Jason Doyle
> Senior Consultant
> tel: +1 813.348.3385 fax: +1 813.348.3455
> jason.doyle () protiviti com
> www.protiviti.com
>
>
>
> ------------------------------------------------------------------------------
> NOTICE: Protiviti is a global consulting and internal audit firm composed of experts specializing in risk and 
> advisory services. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on 
> financial statements or offer attestation services. 
>
>
>
>
> This electronic mail message is intended exclusively for the individual or entity to which it is addressed. This 
> message, together with any attachment, may contain confidential and privileged information. Any views, opinions or 
> conclusions expressed in this message are those of the individual sender and do not necessarily reflect the views of 
> Protiviti Inc. or its affiliates. Any unauthorized review, use, printing, copying, retention, disclosure or 
> distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender 
> by reply email message to the sender and delete all copies of this message. Thank you. 
> ==============================================================================
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified. 
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------