Ethical Hacking and Penetration Testing Guide



Date: 07.08.2023

TCP FTP Bounce Scan
This type of scan exploits a vulnerability in old FTP servers that support proxy-based FTP 
connections. The vulnerability takes advantage of a feature of old FTP servers that 
allowed users to connect to the FTP server and send files to a third-party server. This was done 
by asking the server to send a file to a specific port on the target machine. This way the attacker 
could remain anonymous, while the FTP server actually performs the dirty work.
[Figure: FTP bounce scan between Source (192.168.0.8), FTP server (192.168.0.7) and Destination (192.168.0.5). Message labels: "Port 192,168,0,5,0-135", "List", "SYN + Port 135", "SYN/ACK", "ACK", "226 Transfer complete".]
However, I would like to mention that this bug was patched in most FTP servers 
during the 1990s when it was first found, and almost all FTP servers are nowadays configured to 
block PORT commands, but you can still find a vulnerable FTP server if you look long enough.
Nmap gives you the flexibility to test whether a target FTP server is vulnerable to the FTP bounce 
attack.
Command: nmap -b
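
The server-side restriction described above, sketched as an added example; it is not code from the book or from any FTP server. The function names, the 1024 port threshold (the value RFC 2577 suggests) and the reply strings are assumptions; the addresses are the ones in the figure.

```python
import ipaddress

# Hypothetical policy helper; illustrates the fix, not a real server's implementation.
MIN_DATA_PORT = 1024  # assumption: refuse well-known ports, as RFC 2577 suggests


def parse_port_arg(arg):
    """Decode the PORT argument 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("PORT needs exactly six comma-separated fields")
    try:
        nums = [int(f) for f in fields]
    except ValueError:
        raise ValueError("PORT fields must be decimal integers") from None
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("PORT fields must be in 0..255")
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # high byte first, then low byte
    return addr, port


def check_port_command(control_peer_ip, arg):
    """Return (allowed, reply) for a PORT command seen on a control connection."""
    try:
        addr, port = parse_port_arg(arg)
    except ValueError as exc:
        return False, f"501 Syntax error in PORT argument: {exc}"
    # The bounce depends on the server connecting to a host other than the client.
    if addr != ipaddress.IPv4Address(control_peer_ip):
        return False, "500 Illegal PORT command: address is not the client's own"
    # Even for the client's own address, refuse ports where services listen.
    if port < MIN_DATA_PORT:
        return False, "500 Illegal PORT command: privileged port refused"
    return True, "200 PORT command successful"


if __name__ == "__main__":
    # Constructed input: a client at 192.168.0.8 (the figure's source address).
    for arg in ("192,168,0,8,195,80", "192,168,0,5,0,135", "192,168,0,8,0,135"):
        print(arg, "->", check_port_command("192.168.0.8", arg)[1])
```

A server applying this check refuses the figure's request (a PORT naming 192.168.0.5 port 135 from a client at 192.168.0.8), so the bounce never leaves the FTP server.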
Service Version Detection
So far, we have discussed how to figure out which services are running on a certain port. In this 
section, we will learn to use nmap to find the exact version of the service running on a port; this 
could help us look for potential exploits for that particular version of the service.
Nmap has a database named nmap-services that contains more than 2200 well-known services. 
Service version detection can be performed by specifying the -sV parameter to nmap.
Command: nmap -sV


Target Enumeration and Port Scanning Techniques