FTP


Nmap discovered an FTP server on target port 21. The running service is vsftpd 2.0.8 or later.

Null Session


┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/stapler]
└─$ ftp ftp@$IP     
Connected to 192.168.239.148.
220-
220-|-----------------------------------------------------------------------------------------|
220-| Harry, make sure to update the banner when you get a chance to show who has access here |
220-|-----------------------------------------------------------------------------------------|
220-
220 
331 Please specify the password.
Password: ftp
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

The target FTP server allows anonymous access, and the banner discloses a username: harry

ftp> put test 
local: test remote: test
200 PORT command successful. Consider using PASV.
550 Permission denied.

No write access

ftp> ls
550 Permission denied.
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r--    1 0        0             107 Jun 03  2016 note
226 Directory send OK.

There is a single file: note

note


ftp> more note
Elly, make sure you update the payload information. Leave it in your FTP account once your are done, John.

The note file contains more usernames: elly and john
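
The findings above (anonymous login, no anonymous write access, account names in the banner and the note) can also be checked from the server side. The following is an added example, not part of the original notes: it audits a vsftpd.conf and the text an anonymous user can read for the same exposures. The config fragment, its banner_file path and the account list are constructed assumptions; the banner and note strings are copied from the session above.

```python
import re

# Constructed sample config (assumption; the target's real vsftpd.conf is not shown).
SAMPLE_CONF = """\
# constructed example
anonymous_enable=YES
anon_upload_enable=NO
banner_file=/etc/vsftpd.banner
"""
# Banner and note text as they appear in the session above.
BANNER = ("Harry, make sure to update the banner when you get a chance "
          "to show who has access here")
NOTE = ("Elly, make sure you update the payload information. "
        "Leave it in your FTP account once your are done, John.")
ACCOUNTS = ["harry", "elly", "john", "www-data"]  # assumed local account names
TRUE, FALSE = {"YES", "TRUE", "1"}, {"NO", "FALSE", "0"}  # vsftpd boolean spellings

def parse_conf(text):
    """Parse vsftpd.conf 'option=value' lines; lines starting with '#' are comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip()
    return opts

def leaked_accounts(text, accounts):
    """Return account names that occur as whole words in anonymous-visible text."""
    words = set(re.findall(r"[a-z0-9_-]+", text.lower()))
    return sorted(a for a in accounts if a.lower() in words)

def audit(conf_text, visible_texts, accounts):
    """Return findings for the anonymous-access exposure described in the notes."""
    opts = parse_conf(conf_text)
    findings = []
    # Flag unless anonymous login is explicitly turned off.
    if opts.get("anonymous_enable", "").upper() not in FALSE:
        findings.append("anonymous login not explicitly disabled")
    if opts.get("anon_upload_enable", "").upper() in TRUE:
        findings.append("anonymous upload enabled")
    for label, text in visible_texts.items():
        names = leaked_accounts(text, accounts)
        if names:
            findings.append(f"{label} discloses account names: {', '.join(names)}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, {"banner": BANNER, "note": NOTE}, ACCOUNTS):
        print("[!]", finding)
```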