FTP access ,,Help ?

<<

rebrov

Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Wed May 13, 2009 9:53 am

FTP access ,,Help ?

Hello again. Since no one answered my latest reply in my latest thread, I'm going to create a new one here; maybe someone will reply to me :)

I just bruteforced my network FTP server 192.168.16.1; I know the user and pass now (legal pen test).

I connected to this server with CuteFTP Pro software to see what files are up there.

I didn't find any files, just blank :) If I did it wrong, what should the next step be after cracking the user and pass?
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Wed May 13, 2009 11:07 am

Re: FTP access ,,Help ?

What do you mean by 'did it wrong'? What was your goal?
If it was just to test some bruteforce techniques... well, then you succeeded, right?
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed May 13, 2009 2:49 pm

Re: FTP access ,,Help ?

Maybe you cracked a username and password for a group account that was given access to only a certain folder, and that folder currently has nothing in it. If you didn't get error messages from CuteFTP and it reports that you connected successfully, then UNIX is right. You were successful. If your goal was to gain root access to the box, then your goals should be different.

Then again, if it was a legal pen test, i.e. it's just not for your company but that you have the permission of the admins of that box (or permission from their bosses), then report your findings. Maybe it fits exactly what the policy of your organization requires. Or try brute forcing an admin account. You could also try using the UN & PW that you brute forced on another box that is not an FTP server. How about using those credentials on a domain controller?

Hope this helps,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed May 13, 2009 3:39 pm

Re: FTP access ,,Help ?

In addition to what Don said, and based on the fact that you seem to be doing some learning, aside of just brute-forcing the ftp, have you port scanned / detected services, etc, with tools like nmap, to see what else might be running and 'target-able' on the box?  Not only might the credentials let you into another box, like an AD Domain Controller, but they might also get you access to things like SQL, SMTP or other services, by which you can continue enumeration, information gathering and exploitation. 

Additionally, even having brute forced a credential and knowing it's valid, you could possibly use said username as an email address for the company, and use it for targeted phishing / client-side and social engineering attacks.

There are many directions I'd go, if this were a legitimate pentest, depending on the scope I'd set with the company or client, and the access I've been given.

HTH.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

rebrov

Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Wed May 13, 2009 6:08 pm

Re: FTP access ,,Help ?

First of all, I accessed with Administrator rights, not a regular user; it's Admin. When I connected with CuteFTP it connected successfully but there were no folders. About services: yes, I got some, and a lot of services are running on the server, but I don't know what, or how to access through them. All I've got now is

FTP access to the server box with Admin as user -->> what should I do as the next step if you have FTP access??
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed May 13, 2009 6:24 pm

Re: FTP access ,,Help ?

Save a file from your client machine to the server using CuteFTP. Then go to the server itself and make sure it's there. If it is... success!

But again, is that all you want or did you really want root access to the machine itself?

Don
CISSP, MCSE, CSTA, Security+ SME
<<

rebrov

Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Wed May 13, 2009 6:36 pm

Re: FTP access ,,Help ?

First, I didn't get what you mean, Sir, with save file from your client machine?

Second, look, all I want to know is how to do a real hack to this machine via FTP.

Is it possible?

And don't worry, my network owner is my friend and he knows, so it's legal, but I want to do real access on the machine.
<<

hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed May 13, 2009 7:53 pm

Re: FTP access ,,Help ?

rebrov wrote: First, I didn't get what you mean, Sir, with save file from your client machine?

Second, look, all I want to know is how to do a real hack to this machine via FTP.

Is it possible?

And don't worry, my network owner is my friend and he knows, so it's legal, but I want to do real access on the machine.


I'd like to believe that you ARE ethically hacking this server / network.  That said, again, we understand learning and what comes with it.  As Don said, your next step, if you truly have access, is to try to post a file to the server with your FTP client from your PC (your CuteFTP, or whatever you're running,) to see if A.) you have the rights to save to the server / filesystem at all, and B.) then try seeing where else you might  be able to upload to, if the server lets you browse outside the FTP home directories (such as to web root, or other accessible spots, where you might be able to post a malicious php file or something to run from a browser, and gain further access, etc.) 

FTP access, in and of itself, might NOT be enough to give you a full hack on the box, with 'real access on the machine,' as you so put it.  You might have to explore those other services you said you found, do some research on them, and see if they have flaws or security holes, or even if you can legitimately access the services with the username and password you have.  Gaining root on the server, for instance, might take a SQL injection exploit or other service vulnerability to be found and used, possibly with the credentials you've gathered.  If it's a true admin account that you managed to get, you might be able to connect with RPC and get further access on the box.  Or, it's possible, also, to get the banner from the running ftp server process, and see if the service, itself, is known to have any security flaws.  (hint - research banner grabbing on Google, and you'll find many, MANY hits.)

All of these things take research, and to truly hack the box, you'll need to spend some time for yourself, studying up on them.  Simply having admin access to ftp isn't enough, if you don't know where else to go with it.  ONLY using ftp access, if the ftp server won't let you browse outside of the ftp home directory, will get you nothing, especially if, as you put it, the directory contents where you landed are truly blank, and if they don't allow, for instance, uploads, or executing php or other files / scripts from within them.

If you truly want to learn and understand, you might do better by first downloading and experimenting with the live de-ice distros and others, etc, and truly learn and understand what to do with service discovery, and exploit / vulnerability research.  There are tutorials posted online for many of the tasks on them, and they're good learning tools, to begin to learn how to think like a hacker, and exploit services, etc.

Anyway, I wish you luck, and unfortunately, I don't think there's much more we can tell you or help you with, at this point in the game.  Again, if all you've got is basic ftp access, even as an admin user, unless you spend the time digging further on other possible holes and services, I'm afraid you're stuck.  Rest assured, with enough time and effort, if you truly have valid credentials, you could probably succeed in getting full access / owning the box.  However, it's going to take some study, learning time, and hands on testing to do it.

Good luck, rebrov.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Thu May 14, 2009 12:15 am

Re: FTP access ,,Help ?

The tips given by Hayabusa0194 and don should be read by you closely.

As you wrote about "real access", maybe the FTP is not the best contact point, but it could give you more information to work on. Often people use their credentials for different services, websites etc., and once found out, you can often use them for gathering more information.

What other services have you discovered? From your writing I assume that this is a black-box test (no knowledge about the infrastructure etc.)?

You could look for existing exploits for the FTP server running on the target machine or, if you know how to, write your own. Often there are exploits easily available for certain programs which will save you time in your task.

If you can't go any further with your bruted FTP account I would recommend to go back and start the process from the beginning (or at least from the information you have gathered so far, e.g. running services, open ports, etc.). Maybe there are some other vulnerable services you could exploit for gaining access.

Is social engineering also allowed by your 'friend'? If so, try this out too if you have the ability to talk well to people. Often you get much information just by asking (or pretending). This part of a penetration test is definitely often underestimated.

Do you already know which service packs are included on the target? Maybe it is not up-to-date (check if possible for its uptime and search if there were any critical updates between the time it is running and now).

There are really many ways to penetrate into a machine, but it is important to know the basics (which in my opinion you are somehow lacking; don't take it offensive). If you are really interested in this subject go read some books and make some research. In the forums you will find many recommendations from the pros, so use them. ;)
<<

rebrov

Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Thu May 14, 2009 5:58 am

Re: FTP access ,,Help ?

I'd like to thank you guys, really, but there's something you don't know: I'm not an advanced user in the hacking world :) I'm just a newbie.

The second part is: I'm Egyptian, and learning from the internet in English is hard for me, because a lot of the words you guys said in hack expressions I didn't figure out, that's why. Even so, btw, I downloaded the EHC course (9 CDs) from the internet. I learned a lot from it, but I can't do a lot of it because the course is not enough for me; I have to take the course or have someone explain it to me. But the CEH course does not exist in Egypt, but

what I'm trying to say is that a lot of the advanced things you said I didn't understand; like getting or finding exploits and doing it on this box is hard for me.

But I'm trying to learn a lot. At the same time, actually, I scanned the target and got a lot of ports and services opened, but I don't know how to exploit them.
That's why I asked in some thread for someone's email to instruct me. I'm not like you guys, but I'm trying to be. But thanks for the info, I will try to figure it out by myself. I know it will take some time to do it and apply it on the box. Thanks again, and I'd be so happy if someone would help me in this and explain more to me, not to hack this target as a beginning but to gain knowledge. I hope you understand what I'm saying :) :)
<<

hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu May 14, 2009 7:09 am

Re: FTP access ,,Help ?

We do support you, as much as we can, rebrov.  Each of us has been where you are.  None of us just picked up a computer and hacked systems, with no learning curve, behind it.  We also understand the difficulty with English, as many of us deal with customers and co-workers who are in the same situation.  If there's a term you need clarified, by all means, ask, and we'll try to explain it.  But you must also be willing to spend some time, yourself, trying to understand and find meaning, as this IS a website, where 'us members' don't just sit and monitor all day, waiting for the opportunity to clarify things.  :-)

In your case, it's just that we CAN'T easily tell you to 'do this, or do that' simply by knowing you gained a user account with ftp access.  As I'd said, there's very little 'ELSE' we can offer, simply by knowing you successfully found a user account and password for the ftp server.  You'll learn as you progress and study that MUCH more time must be spent in enumeration (where you find open ports / services and research exploits and hacks available for those services.)  We can't simply say, 'Look at 'abc' process and run 'xyz' exploit,' because we aren't in the know on what services are running on it, ourselves, and where to send you.

Again, it'd be well for you to spend some time with the de-ice bootable security lessons and others, which will help you to learn, more effectively, how to deal with what you find, and how to use other resources, such as milw0rm, on the web, to help you locate known exploits for various findings.  Also, assuming this MIGHT be a windows server, you might do well to obtain some hackable windows VMWare images (you'd have to search the net, or obtain them from a CEH course or something,) or intentionally dig and install some vulnerable windows executables on a lab machine, so you can spend some time learning where to go with the information you uncover.  Additionally building your OWN lab up, and spending time hacking against it, is well worth effort (assuming you have the resources, but if you don't, and your friend is obviously letting you test on his systems, then maybe HE can help you setup a lab.)  There are good books out there on the subject, such as:

http://www.amazon.com/Build-Your-Own-Se ... 0470179864

I think you'll find we all will do our best to help you out, but until you've been able to dig further, and provide more information than simply having gained ftp access, it leaves us in a position where we have no further advice to offer, other than what we have already given you.  With learning comes research, and with research comes time.  And sometimes, with both, comes much frustration, pain, and confusion.  You have to 'roll with the punches,' so to speak, and just 'roll up your sleeves' keep 'plugging away.'  (Sorry, this means, work through frustration, increase your knowledge and skills through study and testing, and keep trying.)

But, if you're just learning, to simply start out with ftp account brute force access, and to hope for a quick root access hack, is NOT a reasonable expectation.  Not if you won't take what we've given you (hints = SQL, Domain Controller, RPC,) and start exploring.  That's how all of us learned the trade, and learning to understand the flow and other possibilities is essential.

Please understand, we're on here to help you learn.  And we're generally happy to do so.  It's just that, as you progress, you also have to learn what to ask us, what information to provide when you ask it, and what to do with the answers you're given.

Good luck, and I wish you well in your learning, rebrov.
Last edited by hayabusa on Thu May 14, 2009 7:12 am, edited 1 time in total.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Thu May 14, 2009 7:38 am

Re: FTP access ,,Help ?

rebrov wrote: I'd like to thank you guys, really, but there's something you don't know: I'm not an advanced user in the hacking world :) I'm just a newbie.

The second part is: I'm Egyptian, and learning from the internet in English is hard for me, because a lot of the words you guys said in hack expressions I didn't figure out, that's why. Even so, btw, I downloaded the EHC course (9 CDs) from the internet. I learned a lot from it, but I can't do a lot of it because the course is not enough for me; I have to take the course or have someone explain it to me. But the CEH course does not exist in Egypt, but

what I'm trying to say is that a lot of the advanced things you said I didn't understand; like getting or finding exploits and doing it on this box is hard for me.

But I'm trying to learn a lot. At the same time, actually, I scanned the target and got a lot of ports and services opened, but I don't know how to exploit them.
That's why I asked in some thread for someone's email to instruct me. I'm not like you guys, but I'm trying to be. But thanks for the info, I will try to figure it out by myself. I know it will take some time to do it and apply it on the box. Thanks again, and I'd be so happy if someone would help me in this and explain more to me, not to hack this target as a beginning but to gain knowledge. I hope you understand what I'm saying :) :)


Can't add much to Hayabusa0194's post, as it is quite detailed to point you in the right direction.
Maybe just downloading some EH CDs you found somewhere on the net is not the best solution to learn something, maybe you should invest some money in real courses or even books (although there are many resources available for free too).

In my opinion it is not possible to be in the IT field without being good at English, as English is used everywhere on the computer, also most resources are available in English. Maybe you can take an English course in your country... this would surely help you and improve your skills.

After reading some of your posts I would also recommend you to go some steps back to the basics as it seems you are lacking the needed knowledge. When you are then comfortable with them it will also be easier for you to understand and succeed in advanced topics in the field of penetration testing.

I am quite sure that nobody will write you emails and give you instructions as this is not something you can apply to every target you are assessing. It really depends on so many things which have to be considered.
Of course people can help you if you have specific questions or don't understand something in particular but it is very important that you start to research by yourself.

A very good start to work on is - as Hayabusa0194 and others already wrote - to build up your own lab for testing purposes. This will help you very much, at least at the beginning, to gain more experience. I would recommend a mixture of real hardware machines (consider buying a KVM for saving energy and space) and virtual machines. You can find many tutorials on this on the net (even here on EH when you search), books etc.
<<

rebrov

Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Thu May 14, 2009 7:47 am

Re: FTP access ,,Help ?

Thanks, Hayabusa, for this info and for trying to help me and giving me some knowledge, but actually something I want to know, mate, is:

When I scan the target and find ports and services, what's the difference if I find ports opened and services? Isn't it ports = services ports?

Same?
And even if I found the ports and the services? I found them with a network scan tool called look@lan. I don't know if it's good or bad, but I think it's good; I can find the ports and the services with it. How can I exploit them to get root access to the server? I don't know a lot about exploiting the target, like finding the ports and then finding the exploits for them. And about SQL, I don't know about it and how I can use it. The course I downloaded didn't teach me a lot like I expected :S I want to learn from you how to start.
<<

hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu May 14, 2009 8:05 am

Re: FTP access ,,Help ?

"i want to learn from u how to start" - Google is your friend!  ;)  Again, we've given you some ideas.  With the information you've provided, thus far, those ideas are about the only valid starting points we can give you.  Research the findings of the ports and services you've found, further, as I explain below.

"ports = services ports" is not necessarily an accurate statement.  For starters, in general, you can run any service you want, on any port, if you configure the service to run that way.  For instance, FTP may or may not be on port 21, and other services might be configured for differing ports, as well.  You'll want to learn to use nmap (I'm sure there are other good tools you could find / use, but for learning's sake, you'll probably get much more help here if you're using nmap,) and spend as much time with it, as you can, learning about service identification, banner grabbing and other functions of the tool, to help you identify not only WHAT the services are on the ports you've found, but also what versions of the processes you're finding (such as "Dream FTP Server 1.02" for example, which has an exploit listed in the [remote] section on http://www.milw0rm.com )

If you determine both running services and versions of those daemons or processes, it helps you to research vulnerabilities, using CVE listings or milw0rm on the internet, etc. (for common vulnerabilities,) to see if there are known weaknesses, and how to exploit them, if you find some.  In the case of SQL, if you were to determine that the server runs a SQL database (and this will be a more lengthy, time-consuming learning curve,) you might be able to use a SQL injection attack (again, Google is your friend) to gather more data, or even exploit the server to gain root / system access, if done right, on some versions of SQL.  It may be that you have to search (technical term = "trawl") the website on the box (if it's running one) to see if it has a form which is used to access SQL on another server.  In that trawling, you might also find rogue or exploitable cgi or php scripts that a security-weak admin might've left there, and that could potentially give you access.  The possibilities are endless, but to pentest, you need to examine all of your options.

I've had customers who tell me to stop at the first major vulnerability I find, and others who want me to dig, and dig, and dig, to find as much as I can.  It's all dependent upon their needs and wants.  But you need to be really willing to spend your time, and research each and every finding (provided you don't stumble on a major vulnerability, right off the bat, that lands you with root access.)  Unfortunately, even those of us who have done this for a long time, don't always find a quick hack.  It might take days / weeks.  It could take months, if a system is well-secured.  It might even involve writing exploits, ourselves, after 'fuzzing' processes or looking at other means of access.  It's a trial-and-error, learn-as-you-go process, sometimes.  And we all continue to learn from each other's experience.  That's the beauty of sites like ethicalhacker.net !
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Thu May 14, 2009 8:11 am

Re: FTP access ,,Help ?

Ports and services are not the same, no. Although many services are applied to certain ports (e.g. FTP often uses port 21), it is possible to let a service run on different ports too. So just because port 21 is open on a machine it does not mean for sure that an FTP server is running.
Also, malware etc. often uses ports which are usually used by different services.

A good scanning software which you may test too is nmap which can be found at http://nmap.org/

Just because you found an open port it does not mean that you can automatically exploit it. When you know a certain service/ software running on a machine and can't write your exploits by yourself then just search on google or other sites for already existing exploits. There are already thousands available ;)

When you want to learn more about SQL, why not search for it? I searched for only one minute and already found plenty of very useful information. Also, on this (and other) subjects there are many, many books available which will teach you.
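The point made in the last two replies, that an open port number does not tell you which service is behind it, can be shown with a small banner classifier. This is an added example, not code from any poster in the thread; the hosts, banners and product names below are constructed, and it works on already-captured banner bytes rather than touching the network.

```python
import re

# Conventional (IANA well-known) port assignments: a convention, not a guarantee.
CONVENTIONAL = {21: "ftp", 22: "ssh", 25: "smtp", 80: "http"}


def identify_service(banner: bytes):
    """Return (protocol, product_string) inferred from the bytes a service sent."""
    text = banner.decode("latin-1").strip()
    first = text.splitlines()[0] if text else ""

    m = re.match(r"SSH-\d+\.\d+-(\S+)", first)
    if m:
        return "ssh", m.group(1)

    if first.startswith("HTTP/"):
        server = re.search(r"^Server:\s*(.+)$", text, re.I | re.M)
        return "http", (server.group(1).strip() if server else None)

    # Reply code 220 is the greeting for BOTH FTP and SMTP, so the code alone
    # is not enough; look at the words that follow it.
    m = re.match(r"220[ -](.*)", first)
    if m:
        greeting = m.group(1).strip()
        if re.search(r"\bE?SMTP\b", greeting, re.I):
            return "smtp", greeting
        if re.search(r"FTP", greeting, re.I):
            return "ftp", greeting
        return "ftp-or-smtp", greeting

    return "unknown", None


def reconcile(observations):
    """Compare what each port conventionally hosts with what the banner shows."""
    findings = []
    for host, port, banner in observations:
        expected = CONVENTIONAL.get(port)
        actual, product = identify_service(banner)
        if actual in ("unknown", "ftp-or-smtp"):
            status = "unidentified"      # silent or ambiguous: needs a closer look
        elif actual == expected:
            status = "conventional"      # service sits on its usual port
        else:
            status = "unexpected"        # inventory or hardening finding
        findings.append({"host": host, "port": port, "expected": expected,
                         "actual": actual, "product": product, "status": status})
    return findings


# Constructed sample data (hosts and product names are made up).
SAMPLE_OBSERVATIONS = [
    ("host-a", 21, b"220 ExampleFTPd 1.0 ready\r\n"),
    ("host-b", 2121, b"220 ExampleFTPd 1.0 ready\r\n"),
    ("host-c", 21, b"SSH-2.0-ExampleSSH_1.0\r\n"),
    ("host-d", 25, b"220 mail.example.test ESMTP ExampleMTA\r\n"),
    ("host-e", 8080, b"HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/1.0\r\n\r\n"),
    ("host-f", 80, b""),
]

if __name__ == "__main__":
    for f in reconcile(SAMPLE_OBSERVATIONS):
        print(f["host"], f["port"], f["expected"], f["actual"], f["status"], f["product"])
```

The "unexpected" rows are the ones worth recording in an asset inventory or test report, since the version string, not the port number, is what gets checked against CVE listings.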