I’m Daniel, i’m currently studying Computer Security in Ontario.
Theres a million different threads on the forums, and I didn’t know where to post so I decided to post here.
Just a quick question, for my Penetration Testing course, I need to exploit some vulnerabilities using whatever means I want on a vulnerable machine of my own. I want exploit a FTP server. With the anonymous access enabled, and I have a successful login, how would I get root prompt access (considering its a linux machine) from the ftp login?
Let me know your ideas/thoughts.
I apologize if I posted in the wrong area.
Your question makes me a little nervous, it comes across as a “I’ve found this machine on the internet with anonymous FTP access enabled and I want to hack it”, rather than a learning experience, but I’ll give you the benefit of the doubt.
Assuming this a course, and if it’s anonymous FTP acess to root, I’d guess the host has been purposely made insecure. In which case I’d look into:
1. If SSH is also enabled and if the FTP allows full filesystem browsing, look into shadow/passwd files for a account you can easily crack, and then SSH into the machine, and then priv escalate yourself to root with sudo or su
2. If the machine is running a webserver and you can upload data into it via FTP, I’d upload a webshell and use that to gain shell access. Then sudo, su or local priv exploit yourself to root.
Hopefully that will give you enough of a starter to help out.
Viewing 1 reply thread
You must be logged in to reply to this topic.
– EH-Net Live!Thurs Oct 29 @ 1:00 PM US ET. Details Coming Soon!