Introduction and question

This topic contains 1 reply, has 2 voices, and was last updated by  UKSecurityGuy 5 years, 11 months ago.

  • #8596
     zpwr 
    Participant

    Hello EH community,

    I’m Daniel, I’m currently studying Computer Security in Ontario.

    There’s a million different threads on the forums, and I didn’t know where to post so I decided to post here.

    Just a quick question, for my Penetration Testing course, I need to exploit some vulnerabilities using whatever means I want on a vulnerable machine of my own. I want to exploit an FTP server. With the anonymous access enabled, and I have a successful login, how would I get root prompt access (considering it’s a Linux machine) from the FTP login?

    Let me know your ideas/thoughts.
    I apologize if I posted in the wrong area.

    Daniel

  • #53556
     UKSecurityGuy 
    Participant

    Hi Daniel, welcome to the forums.

    Your question makes me a little nervous, it comes across as an “I’ve found this machine on the internet with anonymous FTP access enabled and I want to hack it”, rather than a learning experience, but I’ll give you the benefit of the doubt.

    Assuming this is a course, and if it’s anonymous FTP access to root, I’d guess the host has been purposely made insecure. In which case I’d look into:

    1. If SSH is also enabled and if the FTP allows full filesystem browsing, look into shadow/passwd files for an account you can easily crack, and then SSH into the machine, and then priv escalate yourself to root with sudo or su.

    2. If the machine is running a webserver and you can upload data into it via FTP, I’d upload a webshell and use that to gain shell access. Then sudo, su or local priv exploit yourself to root.

    Hopefully that will give you enough of a starter to help out.
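Added example, not part of either post above: a configuration audit that flags the two preconditions the reply names (anonymous FTP exposing the whole filesystem, and anonymous uploads landing in a web-served directory). It assumes the FTP daemon is vsftpd and that the web root is `/var/www`; the function names, finding labels and sample configs are constructed for illustration.

```python
import posixpath

# Defaults as documented in vsftpd.conf(5); verify against your installed version.
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO",
            "anon_upload_enable": "NO", "anon_root": ""}

def parse_conf(text):
    """Parse vsftpd-style 'key=value' lines, ignoring blanks and # comments."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip().lower()] = value.strip()
    return conf

def _overlaps(a, b):
    """True if path a is inside b, or b is inside a (both absolute)."""
    a, b = posixpath.normpath(a), posixpath.normpath(b)
    return posixpath.commonpath([a, b]) in (a, b)

def audit(text, web_roots=("/var/www",)):  # web root is an assumption
    """Return finding labels for risky anonymous-FTP settings."""
    conf = parse_conf(text)
    yes = lambda k: conf.get(k, "NO").upper() == "YES"
    findings = []
    if not yes("anonymous_enable"):
        return findings
    findings.append("ANON_LOGIN")
    root = conf["anon_root"]
    if root and posixpath.normpath(root) == "/":
        findings.append("ANON_FULL_FS")        # passwd/shadow may be readable
    if yes("write_enable") and yes("anon_upload_enable"):
        findings.append("ANON_UPLOAD")
        if root.startswith("/") and any(_overlaps(root, w) for w in web_roots):
            findings.append("ANON_UPLOAD_IN_WEBROOT")  # uploads are web-served
    return findings

# Constructed sample configs (not taken from any real host).
WEAK = """# lab box
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_root=/var/www/html
"""
HARDENED = "anonymous_enable=NO\nwrite_enable=NO\n"

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

An empty result means none of these settings is enabled in the file; it does not cover file permissions or other services on the host.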


Copyright ©2019 Caendra, Inc.
