0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity

GitBook: [master] 4 pages modified

This commit is contained in:
CPol 2021-03-31 10:24:54 +00:00 committed by gitbook-bot
parent 9d73005b51
commit a5c0d16ec8
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
2 changed files with 3 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
misc/references.md
View File

@ -2,8 +2,6 @@
{% embed url="https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/\#python-tty-shell-trick" %}
{% embed url="https://rmusser.net/docs/Privilege%20Escalation%20&%20Post-Exploitation.html" %}
{% embed url="https://hausec.com/pentesting-cheatsheet/\#\_Toc475368982" %}
{% embed url="https://anhtai.me/pentesting-cheatsheet/" %}
@ -16,8 +14,6 @@
{% embed url="https://chryzsh.gitbooks.io/pentestbook/basics\_of\_windows.html" %}
{% embed url="http://www.0daysecurity.com/penetration-testing/enumeration.html" %}
{% embed url="https://github.com/wwong99/pentest-notes/blob/master/oscp\_resources/OSCP-Survival-Guide.md" %}
{% embed url="https://anhtai.me/oscp-fun-guide/" %}

6
pentesting/pentesting-ftp/README.md
View File

@ -82,7 +82,7 @@ Source: [https://www.thesecuritybuddy.com/vulnerabilities/what-is-ftp-bounce-att
### Anonymous login
_anonymous : anonymous
anonymous :
anonymous :
ftp : ftp_
```bash
@ -110,7 +110,7 @@ Anon login and bounce FTP checks are perform by default by nmap with **-sC** opt
## Browser connection
You can connect to a FTP server using a browser \(like Firefox\) using a URL like:
You can connect to a FTP server using a browser \(like Firefox\) using a URL like:
```bash
ftp://anonymous:anonymous@10.10.10.98
@ -149,7 +149,7 @@ Some FTP servers allow the command PORT. This command can be used to indicate to
[**Learn here how to abuse a FTP server to scan ports.**](ftp-bounce-attack.md)\*\*\*\*
You could also abuse this behaviour to make a FTP server interact with other protocols. You could **upload a file containing an HTTP request** and make the vulnerable FTP server **send it to an arbitrary HTTP server** \(_maybe to add a new admin user?_\) or even upload a FTP request and make the vulnerable FTP server download a file for a different FTP server.
You could also abuse this behaviour to make a FTP server interact with other protocols. You could **upload a file containing an HTTP request** and make the vulnerable FTP server **send it to an arbitrary HTTP server** \(_maybe to add a new admin user?_\) or even upload a FTP request and make the vulnerable FTP server download a file for a different FTP server.
The theory is easy:
1. **Upload the request \(inside a text file\) to the vulnerable server.** Remember that if you want to talk with another HTTP or FTP server you need to change lines with `0x0d 0x0a`