control – metasploit ftp Authentication Scanner

Name: FTP Authentication Scanner
Module: auxiliary/scanner/ftp/ftp_login
Version: 14976
License: Metasploit Framework License (BSD)
Rank: Normal

Provided by:
todb <todb@metasploit.com>

Basic options:
Name              Current Setting  Required  Description
—-              —————  ——–  ———–
BLANK_PASSWORDS   true             no        Try blank passwords for all users
BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
PASSWORD                           no        A specific password to authenticate with
PASS_FILE                          no        File containing passwords, one per line
RECORD_GUEST      false            no        Record anonymous/guest logins to the database
RHOSTS            External-IP   yes       The target address range or CIDR identifier
RPORT             21               yes       The target port
STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
THREADS           1                yes       The number of concurrent threads
USERNAME                           no        A specific username to authenticate as
USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line
USER_AS_PASS      true             no        Try the username as the password for all users
USER_FILE                          no        File containing usernames, one per line
VERBOSE           true             yes       Whether to print output for all attempts

Description:
This module will test FTP logins on a range of machines and report
successful logins. If you have loaded a database plugin and
connected to a database this module will record successful logins
and hosts so you can track your access.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0502

—————————————————————————–

Example of successful login

msf  > use auxiliary/scanner/ftp/ftp_login

msf  auxiliary(ftp_login) > set rhosts External-IP
rhosts => External-IP

msf  auxiliary(ftp_login) > run

[*] External-IP:21 – Starting FTP login sweep
[*] Connecting to FTP server External-IP:21…
[*] Connected to target FTP server.
[*] External-IP:21 – FTP Banner: ‘220 Microsoft FTP Service\x0a\x0a’
[*] External-IP:21 FTP – Attempting FTP login for ‘anonymous’:’chrome@example.com’
[+] External-IP:21 – Successful FTP login for ‘anonymous’:’chrome@example.com’
[*] External-IP:21 – User ‘anonymous’ has READ access
[*] Successful authentication with read access on External-IP will not be reported
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

—————————————————————————–

Example of successful login with READ/WRITE access

msf  auxiliary(ftp_login) > run

[*] External-IP:21 – Starting FTP login sweep
[*] Connecting to FTP server External-IP:21…
[*] Connected to target FTP server.
[*] External-IP:21 – FTP Banner: ‘220 Microsoft FTP Service\x0a\x0a’
[*] External-IP:21 FTP – Attempting FTP login for ‘anonymous’:’chrome@example.com’
[+] External-IP:21 – Successful FTP login for ‘anonymous’:’chrome@example.com’
[*] External-IP:21 – User ‘anonymous’ has READ/WRITE access
[*] Successful authentication with write access on External-IP will not be reported
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

http://www.myexploit.wordpress.com/ubuntu-install-filezilla/

—————————————————————————–

Example of none successful login

msf  auxiliary(ftp_login) > run

[*] External-IP:21 – Starting FTP login sweep
[*] Connecting to FTP server External-IP:21…
[*] Connected to target FTP server.
[*] External-IP:21 – FTP Banner: ‘220 Microsoft FTP Service\x0a\x0a’
[*] External-IP:21 FTP – Attempting FTP login for ‘anonymous’:’IEUser@’
[*] External-IP:21 FTP – Failed FTP login for ‘anonymous’:’IEUser@’
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

—————————————————————————–

If you don’t want to use metasploit but want to see same results you can use nmap

root@bt:~# nmap -sV -sC -p 21 remote-ip

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2010-06-02 02:04 BST
Nmap scan report for remote-ip
Host is up (0.00053s latency).
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_2010-06-02 02:04 61440 nc.exe
MAC Address: 00:02:03:04:05:06 (Micky Systems)
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.34 seconds