当前位置:网站首页>6-20 vulnerability exploitation proftpd test
6-20 vulnerability exploitation proftpd test
2022-07-28 19:11:00 【Mountain Rabbit 1】
proftpd Introduce
ProFTPD: One Unix Platform or class Unix On the platform ( Such as Linux,FreeBSD etc. ) Of FTP Server program
http://www.proftpd.org/
You can download the corresponding version , And then build the environment
Target detection proftpd
Use nmap -sV -p 2121 IP Address Target detection proftpd Version information
ad locum , We can clearly detect the version information
We first detect the open port of the target
nmap 192.168.1.105
below , We will use specific version information , To detect target information
nmap -sV -p 2121 192.168.1.105
above , We have completed the corresponding version detection
exploit-db Search for target vulnerabilities
stay https://www.exploit-db.com/ Enter the corresponding software and version to search for vulnerabilities
If not searched , It shows that there are no specific vulnerabilities in this version
searchsploit proftpd 1.3
You can see this is 1.3 A loophole in the
searchsploit proftpd 1.3.1
We see 1.3.1 There is no corresponding vulnerability found , Of course , We can also take proftpd Version vulnerability , Try this
msf Brute force
Use metasploit Under the auxiliary/scanner/ftp/ftp_login Conduct target detection
You can see that there are many loopholes , We can according to the actual situation , Download the version for testing , We download... From the official website , You can install and build , You can see a lot of rce Loophole
msfconsole
use auxiliary/scanner/ftp/ftp_login
show options
set rhosts 192.168.1.105
set rport 2121
When we set it up , You can set 21 Port no. , Premise is , This port , function ftp service ,rhosts Be sure to set specific IP Address , perhaps CIDR, Will be under the current IP Address , Guess
set username msfadmin
On the ground , We can also set the corresponding user file
set password msfadmin
run
1、 Upgrade the software to the latest version , Version without vulnerability
2、 Strengthen monitoring , Strengthen the monitoring of the current system , Turn off unnecessary ports
边栏推荐
- Is zero basic software testing training reliable?
- Kali doesn't have an eth0 network card? What if you don't connect to the Internet
- 3、 Uni app fixed or direct to a certain page
- Can the training software test be employed
- If you want to learn software testing, where can you learn zero foundation?
- More loading in applets (i.e. list paging)
- PyG搭建异质图注意力网络HAN实现DBLP节点预测
- 【物理应用】水下浮动风力涡轮机的尾流诱导动态模拟风场附matlab代码
- QT widget promoted to QWidget
- 【图像分割】基于方向谷形检测实现静脉纹路分割附MATLAB代码
猜你喜欢
Decimal to binary advanced version (can convert negative numbers and boundary values)
Applet applet jump to official account page
Redis advantages and data structure related knowledge
历史上的今天:微软收购 QDOS;模型检测先驱出生;第一张激光照排的中文报纸...
QT widget promoted to QWidget
Special Lecture 6 tree DP learning experience (long-term update)
Win11电脑摄像头打开看不见,显示黑屏如何解决?
Getting started with gateway
Is software testing really as good as online?
Use the self-developed proxy server to solve the cross domain access errors encountered when uploading files by SAP ui5 fileuploader trial version
随机推荐
2、 Uni app login function page Jump
3、 Uni app fixed or direct to a certain page
EasyCVR接入设备后播放视频出现卡顿现象的原因分析及解决
DevCon.exe 导出output至指定文件
关于白盒测试,这些技巧你得游刃有余~
UE4.25 Slate源码解读
Can the training software test be employed
QT user defined control user guide (flying Qingyun)
2022杭电多校第二场1011 DOS Card(线段树)
【雷达】基于核聚类实现雷达信号在线分选附matlab代码
QT function optimization: QT 3D gallery
More loading in applets (i.e. list paging)
New progress in the implementation of the industry | the openatom openharmony sub forum of the 2022 open atom global open source summit was successfully held
Is there any prospect and way out for software testing?
How to adjust the brightness of win11? Four methods of adjusting screen brightness in win11
4、 Interface requests data to update input information interactively
Redis cache avalanche, penetration, breakdown, bloom filter, detailed explanation of distributed lock
Efficiency comparison of JS array splicing push() concat() methods
EasyCVR新版本级联时,下级平台向上传递层级目录显示不全的原因分析
The open source of "avoiding disease and avoiding medicine" will not go far