Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Remote::Ftp
8
  include Msf::Auxiliary::Scanner
9
  include Msf::Auxiliary::Report
10

11
  def initialize
12
    super(
13
      'Name'        => 'Anonymous FTP Access Detection',
14
      'Description' => 'Detect anonymous (read/write) FTP server access.',
15
      'References'  =>
16
        [
17
          ['URL', 'https://en.wikipedia.org/wiki/File_Transfer_Protocol#Anonymous_FTP'],
18
        ],
19
      'Author'      => 'Matteo Cantoni <goony[at]nothink.org>',
20
      'License'     => MSF_LICENSE
21
    )
22

23
    register_options(
24
      [
25
        Opt::RPORT(21),
26
      ])
27
  end
28

29
  def run_host(target_host)
30

31
    begin
32

33
      res = connect_login(true, false)
34

35
      banner.strip! if banner
36

37
      dir = Rex::Text.rand_text_alpha(8)
38
      if res
39
        write_check = send_cmd(['MKD', dir] , true)
40

41
        if write_check && write_check =~ /^2/
42
          send_cmd( ['RMD', dir] , true)
43

44
          print_good("#{target_host}:#{rport} - Anonymous READ/WRITE (#{banner})")
45
          access_type = 'Read/Write'
46
        else
47
          print_good("#{target_host}:#{rport} - Anonymous READ (#{banner})")
48
          access_type = 'Read-only'
49
        end
50
        register_creds(target_host, access_type)
51
      end
52

53
      disconnect
54

55
    rescue ::Interrupt
56
      raise $ERROR_INFO
57
    rescue ::Rex::ConnectionError, ::IOError
58
    end
59
  end
60

61
  def register_creds(target_host, access_type)
62
    # Build service information
63
    service_data = {
64
      address: target_host,
65
      port: datastore['RPORT'],
66
      service_name: 'ftp',
67
      protocol: 'tcp',
68
      workspace_id: myworkspace_id
69
    }
70

71
    # Build credential information
72
    credential_data = {
73
      origin_type: :service,
74
      module_fullname: self.fullname,
75
      private_data: datastore['FTPPASS'],
76
      private_type: :password,
77
      username: datastore['FTPUSER'],
78
      workspace_id: myworkspace_id
79
    }
80

81
    credential_data.merge!(service_data)
82
    credential_core = create_credential(credential_data)
83

84
    # Assemble the options hash for creating the Metasploit::Credential::Login object
85
    login_data = {
86
      access_level: access_type,
87
      core: credential_core,
88
      last_attempted_at: DateTime.now,
89
      status: Metasploit::Model::Login::Status::SUCCESSFUL,
90
      workspace_id: myworkspace_id
91
    }
92

93
    login_data.merge!(service_data)
94
    create_credential_login(login_data)
95
  end
96
end
97

98