Probing for Anonymous FTP Access

Administrators sometimes forget to harden services that allow remote access. Some of these services come with default usernames and passwords. A Nessus plug-in can detect such vulnerabilities by attempting to log on to the remote service with a default username or password. For example, the ftp://ftp_anonymous.nasl plug-in connects to an FTP server to check if anonymous access is allowed:

# # This script was written by Renaud Deraison <deraison@cvs.nessus.org> # # # See the Nessus Scripts License for details # if(description) { script_id(10079); script_version ("$Revision: 1.2 $"); script_cve_id("CAN-1999-0497"); script_name(english:"Anonymous FTP enabled"); script_description(english:" This FTP service allows anonymous logins. If you do not want to share data with anyone you do not know, then you should deactivate the anonymous account, since it can only cause troubles. Risk factor : Low"); script_summary(english:"Checks if the remote ftp server accepts anonymous logins"); script_category(ACT_GATHER_INFO); script_family(english:"FTP"); script_copyright(english:"This script is Copyright (C) 1999 Renaud Deraison"); script_dependencie("find_service.nes", "logins.nasl", "smtp_settings.nasl"); script_require_ports("Services/ftp", 21); exit(0); } # # The script code starts here : # include("ftp_func.inc"); port = get_kb_item("Services/ftp"); if(!port)port = 21; state = get_port_state(port); if(!state)exit(0); soc = open_sock_tcp(port); if(soc) { domain ...

Get Network Security Tools now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.