We are immediately greeted by the FTP daemon banner, which tells us that this is the FTP server where people using the Internet services of MTNL (my ISP) can upload their sites. Normally, FTP daemon banners are more informative than this one: they usually give away the name of the operating system and of the FTP daemon that is running. Strictly speaking, it is the login prompt of the daemon banner that reveals the operating system. A typical daemon banner would have the following login prompt:
220 xxx2.bol.net.in FTP server (Digital UNIX Version 5.60) ready.
User (bol.net.in:(none)):
Notice the system name in the brackets on the first line. However, almost all FTP daemons are normally better configured (as is the case with the example target system, xxx.bol.net.in), and their login prompt looks more like the following:
220 ftp2.xxx.bol.net.in FTP server ready.
User (mail2.bol.net.in:(none)):
See, no operating system name. However, with the help of some kewl commands, such systems too can be made to reveal the OS running on them. Before we go on, though, there is one thing you have to be clear about. We had FTP'ed to xxx.bol.net.in, so you would normally expect to be connected to Port 21 of xxx.bol.net.in; however, that is not true (at least in this case). If you look at the daemon banner again, you will notice that the last line says:
220 ftp2.xxx.bol.net.in FTP server ready.
Now how did that happen? Is Port 21 not open on xxx.bol.net.in? Well, no and yes. What actually happens is that Port 21 of xxx.bol.net.in is open and a daemon there is listening for connections. As soon as a connection is established, it transfers control, connecting the visitor to ftp2.xxx.bol.net.in, which is on the same network as xxx.bol.net.in. This ftp.xxx.bol.net.in system is solely an FTP machine; it has no other services running. So whatever information we gather from such an FTP port is not about xxx.bol.net.in but about ftp2.bol.net.in. Get it?
Anyway, when you get the login prompt, log in anonymously with anonymous as the Username and a false email address as the password.
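For an administrator reviewing their own FTP greeting, the two observations above (a banner that names the platform, and a greeting host that differs from the host the client connected to) can be checked mechanically. The following is an added example, not part of the original post; the function name, the sample list and the matching heuristics are assumptions.

```python
import re

# Constructed inputs: (host the client connected to, greeting text), modelled
# on the two banners quoted above.
SAMPLES = [
    ("xxx2.bol.net.in",
     "220 xxx2.bol.net.in FTP server (Digital UNIX Version 5.60) ready."),
    ("xxx.bol.net.in", "220 ftp2.xxx.bol.net.in FTP server ready."),
]

HOSTNAME = re.compile(r"^(?=.*[A-Za-z])[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+$")
VERSION = re.compile(r"\d+(?:\.\d+)+")   # dotted number such as 5.60
PAREN = re.compile(r"\(([^)]*)\)")       # text inside brackets


def audit_greeting(connected_host, greeting):
    """Return findings for one FTP 220 greeting (single- or multi-line)."""
    lines = [ln.strip() for ln in greeting.splitlines() if ln.strip()]
    # A reply is complete only when its last line starts with "220 ".
    if not lines or not lines[-1].startswith("220 "):
        return ["incomplete or non-220 greeting"]
    findings = []
    # Heuristic (assumption): the first word after the code is the host name.
    words = lines[-1][4:].split()
    host = words[0] if words and HOSTNAME.match(words[0]) else None
    for ln in lines:
        text = ln[4:] if ln.startswith("220") else ln
        if host:
            text = text.replace(host, "")  # keep host digits out of the check
        details = [d for d in PAREN.findall(text) if VERSION.search(d)]
        if details:
            findings += [f"discloses platform detail: {d}" for d in details]
        elif VERSION.search(text):
            findings.append(f"discloses version number: {text.strip()}")
    if host and host.lower() != connected_host.lower():
        findings.append(f"greeting names {host}, not {connected_host}")
    return findings


if __name__ == "__main__":
    for connected, greeting in SAMPLES:
        print(connected, "->", audit_greeting(connected, greeting) or "clean")
```
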
220 ftp2.xxx.bol.net.in FTP server ready.
User (ftp2.xxx.bol.net.in:(none)): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password: xxx@linux.net
230 User anonymous logged in. Access restrictions apply.
Even if you have an account at the FTP server into which you plan to break in, it is always better not to use that pair of Username and Password. Logging in anonymously has many advantages. Say you did cause some harm to the target system and you used your (non-anonymous) Username and Password pair, then if you were not able to edit the server logs
Jai Shree Raam