I was curious to see if anyone has been able to get Nmap's ftp-anon.nse script to actually list the content on an accessible ftp server. I've tried various ftp server versions and, although the script detects anonymous access, it won't list the contents.
http://nmap.org/nsedoc/scripts/ftp-anon.html
Here's the Nmap syntax I've tried:
root@bt:/scripts# nmap -sV -sC -p21 192.168.0.1
Starting Nmap 5.35DC1 ( http://nmap.org ) at 2010-10-26 15:02 EDT
Nmap scan report for 192.168.0.1
Host is up (0.00091s latency).
PORT STATE SERVICE VERSION
21/tcp open ftp FileZilla ftpd 0.9.36 beta
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_ftp-bounce: bounce working!
MAC Address: 00:0C:29:99:74:11 (VMware)
Service Info: OS: Windows
Starting Nmap 5.35DC1 ( http://nmap.org ) at 2010-10-26 15:03 EDT
Nmap scan report for 192.168.0.1
Host is up (0.00032s latency).
PORT STATE SERVICE
21/tcp open ftp
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
MAC Address: 00:0C:29:99:74:11 (VMware)
The tested FTP server does contain content. Any thoughts?
Thanks,
Jason Doyle
Senior Consultant
tel: +1 813.348.3385 fax: +1 813.348.3455
jason.doyle (at) protiviti (dot) com [email concealed]
www.protiviti.com
------------------------------------------------------------------------
------
NOTICE: Protiviti is a global consulting and internal audit firm composed of experts specializing in risk and advisory services. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
This electronic mail message is intended exclusively for the individual or entity to which it is addressed. This message, together with any attachment, may contain confidential and privileged information. Any views, opinions or conclusions expressed in this message are those of the individual sender and do not necessarily reflect the views of Protiviti Inc. or its affiliates. Any unauthorized review, use, printing, copying, retention, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email message to the sender and delete all copies of this message. Thank you.
========================================================================
======
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
I was curious to see if anyone has been able to get Nmap's ftp-anon.nse script to actually list the content on an accessible ftp server. I've tried various ftp server versions and, although the script detects anonymous access, it won't list the contents.
http://nmap.org/nsedoc/scripts/ftp-anon.html
Here's the Nmap syntax I've tried:
root@bt:/scripts# nmap -sV -sC -p21 192.168.0.1
Starting Nmap 5.35DC1 ( http://nmap.org ) at 2010-10-26 15:02 EDT
Nmap scan report for 192.168.0.1
Host is up (0.00091s latency).
PORT STATE SERVICE VERSION
21/tcp open ftp FileZilla ftpd 0.9.36 beta
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_ftp-bounce: bounce working!
MAC Address: 00:0C:29:99:74:11 (VMware)
Service Info: OS: Windows
root@bt:/scripts# nmap --script=ftp-anon -p21 192.168.0.1
Starting Nmap 5.35DC1 ( http://nmap.org ) at 2010-10-26 15:03 EDT
Nmap scan report for 192.168.0.1
Host is up (0.00032s latency).
PORT STATE SERVICE
21/tcp open ftp
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
MAC Address: 00:0C:29:99:74:11 (VMware)
The tested FTP server does contain content. Any thoughts?
Thanks,
Jason Doyle
Senior Consultant
tel: +1 813.348.3385 fax: +1 813.348.3455
jason.doyle (at) protiviti (dot) com [email concealed]
www.protiviti.com
------------------------------------------------------------------------
------
NOTICE: Protiviti is a global consulting and internal audit firm composed of experts specializing in risk and advisory services. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
This electronic mail message is intended exclusively for the individual or entity to which it is addressed. This message, together with any attachment, may contain confidential and privileged information. Any views, opinions or conclusions expressed in this message are those of the individual sender and do not necessarily reflect the views of Protiviti Inc. or its affiliates. Any unauthorized review, use, printing, copying, retention, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email message to the sender and delete all copies of this message. Thank you.
========================================================================
======
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
[ reply ]