Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/scanner/ftp/anonymous.rb
19778 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Auxiliary

7
  include Msf::Exploit::Remote::Ftp

8
  include Msf::Auxiliary::Scanner

9
  include Msf::Auxiliary::Report

10


11
  def initialize

12
    super(

13
      'Name' => 'Anonymous FTP Access Detection',

14
      'Description' => 'Detect anonymous (read/write) FTP server access.',

15
      'References' => [

16
        ['URL', 'https://en.wikipedia.org/wiki/File_Transfer_Protocol#Anonymous_FTP'],

17
      ],

18
      'Author' => 'Matteo Cantoni <goony[at]nothink.org>',

19
      'License' => MSF_LICENSE

20
    )

21


22
    register_options(

23
      [

24
        Opt::RPORT(21),

25
      ]

26
    )

27
  end

28


29
  def run_host(target_host)

30
    begin

31
      res = connect_login(true, false)

32


33
      banner.strip! if banner

34


35
      dir = Rex::Text.rand_text_alpha(8)

36
      if res

37
        write_check = send_cmd(['MKD', dir], true)

38


39
        if write_check && write_check =~ /^2/

40
          send_cmd(['RMD', dir], true)

41


42
          print_good("#{target_host}:#{rport} - Anonymous READ/WRITE (#{banner})")

43
          access_type = 'Read/Write'

44
        else

45
          print_good("#{target_host}:#{rport} - Anonymous READ (#{banner})")

46
          access_type = 'Read-only'

47
        end

48
        register_creds(target_host, access_type)

49
      end

50


51
      disconnect

52
    rescue ::Interrupt

53
      raise $ERROR_INFO

54
    rescue ::Rex::ConnectionError, ::IOError

55
    end

56
  end

57


58
  def register_creds(target_host, access_type)

59
    # Build service information

60
    service_data = {

61
      address: target_host,

62
      port: datastore['RPORT'],

63
      service_name: 'ftp',

64
      protocol: 'tcp',

65
      workspace_id: myworkspace_id

66
    }

67


68
    # Build credential information

69
    credential_data = {

70
      origin_type: :service,

71
      module_fullname: self.fullname,

72
      private_data: datastore['FTPPASS'],

73
      private_type: :password,

74
      username: datastore['FTPUSER'],

75
      workspace_id: myworkspace_id

76
    }

77


78
    credential_data.merge!(service_data)

79
    credential_core = create_credential(credential_data)

80


81
    # Assemble the options hash for creating the Metasploit::Credential::Login object

82
    login_data = {

83
      access_level: access_type,

84
      core: credential_core,

85
      last_attempted_at: DateTime.now,

86
      status: Metasploit::Model::Login::Status::SUCCESSFUL,

87
      workspace_id: myworkspace_id

88
    }

89


90
    login_data.merge!(service_data)

91
    create_credential_login(login_data)

92
  end

93
end

94


95