Saturday, May 16, 2009

FTP Bounce Scan

  • RFC 959 October 1985 - File Transfer Protocol
  • DATA PORT (PORT)
  • “The argument is a HOST-PORT specification for the data port to be used in data connection. There are defaults for both the user and server data ports, and under normal circumstances this command and its reply are not needed. If this command is used, the argument is the concatenation of a 32-bit internet host address and a 16-bit TCP port address. This address information is broken into 8-bit fields and the value of each field is transmitted as a decimal number (in character string representation).
  • The fields are separated by commas.
  • A port command would be:
  • PORT h1,h2,h3,h4,p1,p2
  • where h1 is the high order 8 bits of the internet host address.”

FTP Bounce Scan (-b) with Nmap
  • -b [<username>][:<password>]@<server>[:<port>] (username, password and port may be omitted; Nmap then logs in as anonymous)
  • Most modern FTP servers have fixed this vulnerability, but many modern printers that support FTP still ship with this third-party forwarding (PORT to an address other than the client's) turned on by default.

Nmap FTP Bounce Scans
  • Most common results of FTP bounce scan attempts
# nmap -PN -b ftp.microsoft.com google.com

Starting Nmap ( http://nmap.org )
Your FTP bounce server doesn’t allow privileged ports, skipping them.
Your FTP bounce server sucks, it won’t let us feed bogus ports!
  • Successful FTP bounce scan
# nmap -p 22,25,135 -PN -v -b XXX.YY.111.2 scanme.nmap.org

Starting Nmap ( http://nmap.org )
Attempting connection to ftp://anonymous:-wwwuser@@XXX.YY.111.2:21
Connected:220 JD FTP Server Ready
Login credentials accepted by ftp server!
Initiating TCP ftp bounce scan against scanme.nmap.org (64.13.134.52)
Adding open port 22/tcp
Adding open port 25/tcp
Scanned 3 ports in 12 seconds via the Bounce scan.
Interesting ports on scanme.nmap.org (64.13.134.52):
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
135/tcp filtered msrpc

Nmap done: 1 IP address (1 host up) scanned in 21.79 seconds
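The server-side check that closes the bounce hole, as an added example (not code from the post or from Nmap): it decodes the RFC 959 PORT argument described above and refuses a data connection whose address differs from the control connection's peer or whose port is privileged, which is exactly the behaviour behind the "doesn't allow privileged ports" message in the first scan. The peer address and reply strings are constructed for the example.

```python
import ipaddress


def parse_port_argument(arg: str) -> tuple[str, int]:
    """Decode 'h1,h2,h3,h4,p1,p2' (RFC 959 PORT) into (host, port).

    Every field is an 8-bit value sent as a decimal string; h1 is the
    high-order octet of the address and p1 the high-order byte of the port.
    """
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("PORT needs exactly six comma-separated fields")
    try:
        values = [int(f) for f in fields]
    except ValueError:
        raise ValueError("PORT fields must be decimal integers") from None
    if any(v < 0 or v > 255 for v in values):
        raise ValueError("PORT fields must fit in 8 bits")
    host = ".".join(str(v) for v in values[:4])
    port = (values[4] << 8) | values[5]
    return host, port


def port_allowed(arg: str, control_peer: str) -> tuple[bool, str]:
    """Decide whether an FTP server should honour a PORT command.

    control_peer is the source address of the control connection. Two refusals
    defeat a bounce scan: a data address that is not the client itself (the
    relay condition) and a privileged data port (< 1024). Reply strings are
    constructed in the style of FTP numeric responses.
    """
    try:
        host, port = parse_port_argument(arg)
    except ValueError as err:
        return False, f"501 Syntax error: {err}"
    if ipaddress.ip_address(host) != ipaddress.ip_address(control_peer):
        return False, "500 Illegal PORT: address does not match control connection"
    if port < 1024:
        return False, "500 Illegal PORT: privileged port"
    return True, "200 PORT command successful"


if __name__ == "__main__":
    # Constructed sample: client 192.0.2.10 asks for data port 1025 (4*256+1)
    print(port_allowed("192,0,2,10,4,1", "192.0.2.10"))
    # Bounce attempt: data address is a third host, port 22
    print(port_allowed("192,0,2,99,0,22", "192.0.2.10"))
```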
