Chapter 8. Assessing FTP and Database Services

This chapter focuses on the remote assessment of FTP and SQL database services used in most corporate networks to facilitate file distribution and central storage of data. If these services aren’t configured or protected correctly at both application and network levels, they can be used to great effect to compromise networks and sensitive data.

FTP

File Transfer Protocol (FTP) services are usually found running on servers to provide public access to files over IP. The FTP service uses the following two ports to function in its native mode:

TCP port 21

The inbound control port, used to receive and process FTP commands

TCP port 20

The outbound data port, used to send data from the server to client

Historically, the way that FTP services have been used to compromise networks include:

  • Brute-force guessing of user passwords to gain direct access

  • FTP bounce port-scanning and exploit payload delivery

  • Issuing crafted FTP commands to circumvent stateful filtering devices

  • Process manipulation, including overflow attacks involving malformed data

I will discuss each of these attack types; however, the first task to undertake when identifying an accessible FTP service is that of enumeration, to ascertain the FTP service that’s running and its configuration.

FTP Banner Grabbing and Enumeration

When finding a server running FTP, the first piece of information discovered by connecting to the service is the FTP server banner:

# ftp 192.168.0.11 Connected to 192.168.0.11 ...

Get Network Security Assessment now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.