天天看點
傳回

Linux - pure-ftpd

pure-ftpd - Secure and efficient FTP server.

Platform: Linux kali 3.14-kali1-686-pae #1 SMP Debian 3.14.5-1kali1

Install pure-ftpd

Permissions

  1. Create a group and a user for ftp access.
  2. Create a ftp user, and give him a password.
  3. Set FTP root directory permissions. 
root:~ /# groupadd ftp
root:~ /# useradd -g ftp -d /dev/null -s /etc ftp
root:~ /# mkdir /var/ftproot
root:~ /# pure-pw useradd ftp -u ftp -g ftp -d /var/ftproot/
Password: 
Enter it again: 
root:~ /# pure-pw mkdb
root:~ /# pure-pw list
ftp                 /var/ftproot/./                                            
root:~ /# pure-pw show ftp

Login              : ftp
Password           : $$0k4WWhr0$6oFQbM9s9WRHDQH.hVtlk0
UID                :  (ftp)
GID                :  (ftp)
Directory          : /var/ftproot/./
Full name          : 
Download bandwidth :  Kb (unlimited)
Upload   bandwidth :  Kb (unlimited)
Max files          :  (unlimited)
Max size           :  Mb (unlimited)
Ratio              : : (unlimited:unlimited)
Allowed local  IPs : 
Denied  local  IPs : 
Allowed client IPs : 
Denied  client IPs : 
Time restrictions  : - (unlimited)
Max sim sessions   :  (unlimited)

root:~ /# ln -s /etc/pure-ftpd/pureftpd.passwd /etc/pure-ftpd.passwd
root:~ /# ln -s /etc/pure-ftpd/pureftpd.pdb /etc/pureftpd.pdb
root:~ /# ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/PureDB
root:~ /# chown -R ftp:ftp /var/ftproot/

Start Ftp Server 

root:~ /# service pure-ftpd start
Starting ftp server: Running: /usr/sbin/pure-ftpd -l puredb:/etc/pure-ftpd/pureftpd.pdb -l pam -l puredb:/etc/pure-ftpd/pureftpd.pdb - UTF- -E -u  -O clf:/var/log/pure-ftpd/transfer.log -B
root:~ /# ss -ant
State      Recv-Q Send-Q                                                                                      Local Address:Port                                                                                        Peer Address:Port 
LISTEN                                                                                                                 :::                                                                                                    :::*     
LISTEN                                                                                                                  *:

Connect to FTP Server 

root:~ /# ftp 
ftp> open  
Connected to .
---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
-You are user number  of  allowed.
-Local time is now : Server port: 
-This is a private system - No anonymous login
-IPv6 connections are also welcome on this server.
 You will be disconnected after  minutes of inactivity.
Name (:root): ftp
 User ftp OK. Password required
Password:
 OK. Current directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls 
 PORT command successful
 Connecting to port 
-rw-r--r--    1 0          0                  22 Jul  9 22:27 README.md
-Options: -l 
  matches total
ftp> quit
-Goodbye. You uploaded  and downloaded  kbytes.
 Logout.

Crack FTP User Password

Crack pure-ftpd hash with john the ripper.

root:~ /# cat hash.txt 
ftp:$$k4WWhr0$oFQbM9s9WRHDQH.hVtlk0:::::
root:~ /# john --single  hash.txt 
Loaded  password hash (FreeBSD MD5 [/ SSE2 intrinsics x])
ftp              (ftp)
guesses:   time: ::: DONE (Thu Jul   :: )  c/s:   trying: ftp - ftP
Use the "--show" option to display all of the cracked passwords reliably
root:~ /# john --show  hash.txt 
ftp:ftp:::::

 password hash cracked,  left

References

  1. Installing Pure-FTPD - http://www.fuzzysecurity.com/tutorials/1.html
Pentesting Password Attacks
上一篇: REDIS - Export File / Read File / Cracker
下一篇: Tools - John The Ripper

繼續閱讀