当前位置:网站首页>6-20 vulnerability exploitation proftpd test
6-20 vulnerability exploitation proftpd test
2022-07-28 19:11:00 【Mountain Rabbit 1】
proftpd Introduce
ProFTPD: One Unix Platform or class Unix On the platform ( Such as Linux,FreeBSD etc. ) Of FTP Server program
http://www.proftpd.org/
You can download the corresponding version , And then build the environment
Target detection proftpd
Use nmap -sV -p 2121 IP Address Target detection proftpd Version information
ad locum , We can clearly detect the version information
We first detect the open port of the target
nmap 192.168.1.105
below , We will use specific version information , To detect target information
nmap -sV -p 2121 192.168.1.105
above , We have completed the corresponding version detection
exploit-db Search for target vulnerabilities
stay https://www.exploit-db.com/ Enter the corresponding software and version to search for vulnerabilities
If not searched , It shows that there are no specific vulnerabilities in this version
searchsploit proftpd 1.3
You can see this is 1.3 A loophole in the
searchsploit proftpd 1.3.1
We see 1.3.1 There is no corresponding vulnerability found , Of course , We can also take proftpd Version vulnerability , Try this
msf Brute force
Use metasploit Under the auxiliary/scanner/ftp/ftp_login Conduct target detection
You can see that there are many loopholes , We can according to the actual situation , Download the version for testing , We download... From the official website , You can install and build , You can see a lot of rce Loophole
msfconsole
use auxiliary/scanner/ftp/ftp_login
show options
set rhosts 192.168.1.105
set rport 2121
When we set it up , You can set 21 Port no. , Premise is , This port , function ftp service ,rhosts Be sure to set specific IP Address , perhaps CIDR, Will be under the current IP Address , Guess
set username msfadmin
On the ground , We can also set the corresponding user file
set password msfadmin
run
1、 Upgrade the software to the latest version , Version without vulnerability
2、 Strengthen monitoring , Strengthen the monitoring of the current system , Turn off unnecessary ports
边栏推荐
- How to obtain data on mobile phones and web pages after the SCM data is uploaded to Alibaba cloud Internet of things platform?
- FTM module of K60: configure motor, encoder and steering gear
- OAI L3 and L2 interface analysis
- Mongodb initialization
- How to write a JMeter script common to the test team
- Is there any prospect and way out for software testing?
- Is two months of software testing training reliable?
- Easynlp Chinese text and image generation model takes you to become an artist in seconds
- 服务器正文21:不同编译器对预编译的处理(简单介绍msvc和gcc)
- 4 年后,Debian 终夺回“debian.community”域名!
猜你喜欢
随机推荐
优麒麟系统安装BeyondComare
配置教程:新版本EasyCVR(v2.5.0)组织结构如何级联到上级平台?
The difference between --save Dev and --save in NPM
6-20漏洞利用-proftpd测试
unity CS1513
Win11系统svchost.exe一直在下载怎么办?
【滤波跟踪】基于EKF、时差和频差定位实现目标跟踪附matlab代码
Interpretation of ue4.25 slate source code
New progress in the implementation of the industry | the openatom openharmony sub forum of the 2022 open atom global open source summit was successfully held
How big is it suitable for learning software testing?
GPIO port configuration of K60
The open source of "avoiding disease and avoiding medicine" will not go far
My creation anniversary -- July 25th, 2022
Wechat solves the problem of long press selected style
If you want to learn software testing, where can you learn zero foundation?
Overview and working principle of single chip microcomputer crystal oscillator
Xiaobai must see the development route of software testing
Why did wechat change from "small and beautiful" to "big and fat" when it expanded 575 times in 11 years?
QT widget promoted to QWidget
Getting started with gateway