Inspecting FTP packets with Wireshark

If we capture the FTP session in Wireshark on port 21 of the public network interface, we can see that the communication happens in plaintext. In the following example, after successfully establishing a connection with a client, the server sends the 230 Welcome to mirror.as35701.net banner message. Following this, the client sends an anonymous login request.

In this example, we are using the ftplib module to build a script to determine whether a server offers anonymous logins.

You can find the following code in the checkFTPanonymousLogin.py file:

import ftplib

def ftpListDirectory(ftp):
    # List the current directory and report files that look like web pages
    try:
        dirList = ftp.nlst()
        print(dirList)
    except ftplib.all_errors:
        print('[-] Could not list directory contents.')
        print('[-] Skipping To Next Target.')
        return []
    retList = []
    for fileName in dirList:
        fn = fileName.lower()
        if '.php' in fn or '.htm' in fn or '.asp' in fn:
            print('[+] Found default page: ' + fileName)
            retList.append(fileName)
    return retList

def anonymousLogin(hostname):
    # Return the connected FTP object if anonymous login works, else False
    try:
        ftp = ftplib.FTP(hostname)
        ftp.login('anonymous', '')
        print(ftp.getwelcome())
        ftp.set_pasv(True)
        # dir() prints the listing itself and returns None
        ftp.dir()
        print(' [*] ' + str(hostname) + ' FTP Anonymous Logon Succeeded.')
        return ftp
    except Exception as e:
        print(str(e))
        print(' [-] ' + str(hostname) + ' FTP Anonymous Logon Failed.')
        return False

host = 'ftp.be.debian.org'
ftp = anonymousLogin(host)
# Only list the directory when the login succeeded
if ftp:
    ftpListDirectory(ftp)
    ftp.quit()

The anonymousLogin() function takes a hostname and returns a value that describes the availability of anonymous logins. This function tries to create an FTP connection with anonymous credentials. If successful, it returns the connected FTP object, which evaluates as true; otherwise, it returns False.

In the following screenshot, we can see an example of executing the previous script over a server that allows anonymous login:

In the following screenshot, we can see the packets that are exchanged in the FTP communication:

In the following screenshot, we can see the packets and the request command for listing files on the FTP server:
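
The plaintext exchange described above can also be reviewed programmatically. The following added example (not part of the original script) walks constructed control-channel lines, as they would appear when following the port 21 TCP stream, and reports cleartext credentials, an accepted anonymous login and the passive-mode data endpoint. The function name, sample lines and addresses are assumptions.

```python
import re

# Constructed FTP control-channel lines ("C" = client, "S" = server), as seen
# when following the TCP stream on port 21. Not taken from a real capture.
SAMPLE_STREAM = [
    ("S", "220 FTP server ready (constructed banner)"),
    ("C", "USER anonymous"),
    ("S", "331 Please specify the password."),
    ("C", "PASS guest@example.org"),
    ("S", "230-Welcome (constructed multi-line reply)"),
    ("S", "230 Login successful."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,195,80)."),
    ("C", "NLST"),
    ("S", "150 Here comes the directory listing."),
    ("S", "226 Directory send OK."),
]

REPLY = re.compile(r"^(\d{3}) (.*)$")  # final line of a reply: "code SP text"
PASV = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def summarize_ftp_control(stream):
    """Pair client commands with final reply codes and collect findings."""
    exchanges, findings = [], []
    user, pending = None, "<connect>"
    for direction, line in stream:
        if direction == "C":
            verb, _, arg = line.strip().partition(" ")
            pending = verb.upper()
            if pending == "USER":
                user = arg
            elif pending == "PASS":
                findings.append(f"cleartext password sent for user {user!r}")
            continue
        m = REPLY.match(line)
        if not m or m.group(1).startswith("1"):
            continue  # multi-line continuation or 1xx preliminary reply
        code = int(m.group(1))
        exchanges.append((pending, code))
        if code == 230 and (user or "").lower() in ("anonymous", "ftp"):
            findings.append("anonymous login accepted")
        pasv = PASV.search(m.group(2)) if code == 227 else None
        if pasv:
            h = [int(x) for x in pasv.groups()]
            findings.append(f"data channel at {'.'.join(map(str, h[:4]))}:{h[4] * 256 + h[5]}")
    return exchanges, findings

if __name__ == "__main__":
    for item in summarize_ftp_control(SAMPLE_STREAM)[1]:
        print("[!]", item)
```

The data-channel finding gives the address and port to filter on in Wireshark to see the directory listing, which also travels unencrypted.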
