CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/scanner/ftp/anonymous.rb
Views: 1904
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Auxiliary

7
  include Msf::Exploit::Remote::Ftp

8
  include Msf::Auxiliary::Scanner

9
  include Msf::Auxiliary::Report

10


11
  def initialize

12
    super(

13
      'Name'        => 'Anonymous FTP Access Detection',

14
      'Description' => 'Detect anonymous (read/write) FTP server access.',

15
      'References'  =>

16
        [

17
          ['URL', 'https://en.wikipedia.org/wiki/File_Transfer_Protocol#Anonymous_FTP'],

18
        ],

19
      'Author'      => 'Matteo Cantoni <goony[at]nothink.org>',

20
      'License'     => MSF_LICENSE

21
    )

22


23
    register_options(

24
      [

25
        Opt::RPORT(21),

26
      ])

27
  end

28


29
  def run_host(target_host)

30


31
    begin

32


33
      res = connect_login(true, false)

34


35
      banner.strip! if banner

36


37
      dir = Rex::Text.rand_text_alpha(8)

38
      if res

39
        write_check = send_cmd(['MKD', dir] , true)

40


41
        if write_check && write_check =~ /^2/

42
          send_cmd( ['RMD', dir] , true)

43


44
          print_good("#{target_host}:#{rport} - Anonymous READ/WRITE (#{banner})")

45
          access_type = 'Read/Write'

46
        else

47
          print_good("#{target_host}:#{rport} - Anonymous READ (#{banner})")

48
          access_type = 'Read-only'

49
        end

50
        register_creds(target_host, access_type)

51
      end

52


53
      disconnect

54


55
    rescue ::Interrupt

56
      raise $ERROR_INFO

57
    rescue ::Rex::ConnectionError, ::IOError

58
    end

59
  end

60


61
  def register_creds(target_host, access_type)

62
    # Build service information

63
    service_data = {

64
      address: target_host,

65
      port: datastore['RPORT'],

66
      service_name: 'ftp',

67
      protocol: 'tcp',

68
      workspace_id: myworkspace_id

69
    }

70


71
    # Build credential information

72
    credential_data = {

73
      origin_type: :service,

74
      module_fullname: self.fullname,

75
      private_data: datastore['FTPPASS'],

76
      private_type: :password,

77
      username: datastore['FTPUSER'],

78
      workspace_id: myworkspace_id

79
    }

80


81
    credential_data.merge!(service_data)

82
    credential_core = create_credential(credential_data)

83


84
    # Assemble the options hash for creating the Metasploit::Credential::Login object

85
    login_data = {

86
      access_level: access_type,

87
      core: credential_core,

88
      last_attempted_at: DateTime.now,

89
      status: Metasploit::Model::Login::Status::SUCCESSFUL,

90
      workspace_id: myworkspace_id

91
    }

92


93
    login_data.merge!(service_data)

94
    create_credential_login(login_data)

95
  end

96
end

97


98