Chapter 8. Assessing FTP and Database Services
This chapter focuses on the remote assessment of FTP and SQL database services used in most corporate networks to facilitate file distribution and central storage of data. If these services aren’t configured or protected correctly at both application and network levels, they can be used to great effect to compromise networks and sensitive data.
File Transfer Protocol (FTP) services are usually found running on servers to provide public access to files over IP. The FTP service uses the following two ports to function in its native mode:
- TCP port 21
The inbound control port, used to receive and process FTP commands
- TCP port 20
The outbound data port, used to send data from the server to client
Historically, the way that FTP services have been used to compromise networks include:
Brute-force guessing of user passwords to gain direct access
FTP bounce port-scanning and exploit payload delivery
Issuing crafted FTP commands to circumvent stateful filtering devices
Process manipulation, including overflow attacks involving malformed data
I will discuss each of these attack types; however, the first task to undertake when identifying an accessible FTP service is that of enumeration, to ascertain the FTP service that’s running and its configuration.
FTP Banner Grabbing and Enumeration
When finding a server running FTP, the first piece of information discovered by connecting to the service is the FTP server banner:
ftp 192.168.0.11Connected to 192.168.0.11 ...