FTP stands for File Transfer Protocol. FTP servers let you both download (retrieve a file from the server) and upload (send a file to the server) files very easily (if you have permission to do so). You browse through a remote FTP site the same way you browse through your own computer's files and directories (of course, you don't have read and/or write access to every file on the system, and some files you can't even see).
At times you may wish to copy files from a remote machine on which you do not have a login name. This can be done using anonymous FTP. When the remote machine asks for your login name, you should type in the word anonymous. Instead of a password, you should enter your own email address. This allows the remote site to keep records of the anonymous FTP requests. Once you have been logged in, you are in the anonymous directory for the remote machine. This usually contains a number of public files and directories. Again, you should be able to move around in these directories. However, you are only able to copy the files from the remote machine to your own local machine. You are not able to write on the remote machine or to delete any files there.
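The records mentioned above can be used to confirm that anonymous access really is read-only. The following is an added example, not part of the original post: it assumes the server writes its transfer log in the common xferlog format (an assumption, the post names no server software), and the log lines, addresses and function names are constructed for illustration.

```python
from collections import namedtuple

Transfer = namedtuple("Transfer", "when host size path direction access user status")

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Mon Jan 10 09:15:02 2000 1 192.0.2.10 20480 /pub/README b _ o a alice@example.com ftp 0 * c
Mon Jan 10 09:17:45 2000 3 198.51.100.7 734003 /pub/incoming/new file.zip b _ i a guest@example.net ftp 0 * c
Mon Jan 10 09:20:11 2000 2 203.0.113.5 5120 /home/bob/notes.txt a _ i r bob ftp 0 * c
Mon Jan 10 09:21:30 2000 1 198.51.100.7 0 /pub/index.html b _ d a guest@example.net ftp 0 * c
this line is truncated
"""

def parse_xferlog_line(line):
    """Return a Transfer for one xferlog line, or None if it is malformed."""
    parts = line.split()
    # 5 date fields + transfer-time, host, size + filename (1 or more) + 9 trailing fields
    if len(parts) < 18:
        return None
    # Filenames may contain spaces, so the fixed trailing fields are taken from the right.
    _type, _flag, direction, access, user, _svc, _auth, _authid, status = parts[-9:]
    if not parts[7].isdigit():
        return None
    if direction not in ("o", "i", "d") or access not in ("a", "g", "r"):
        return None
    return Transfer(" ".join(parts[:5]), parts[6], int(parts[7]),
                    " ".join(parts[8:-9]), direction, access, user, status)

def anonymous_writes(lines):
    """Anonymous sessions (access mode 'a') that uploaded ('i') or deleted ('d') a file."""
    hits = []
    for line in lines:
        t = parse_xferlog_line(line)
        if t and t.access == "a" and t.direction in ("i", "d"):
            hits.append(t)
    return hits

if __name__ == "__main__":
    for t in anonymous_writes(SAMPLE_LOG.splitlines()):
        print(f"{t.when} {t.host} {t.user} {t.direction} {t.path} "
              f"({t.size} bytes, status {t.status})")
```

For anonymous sessions the user field holds whatever was typed as the password, so it is a claimed email address rather than a verified identity.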
The following are several basic FTP commands. To communicate with an FTP daemon, connect to port 21 and then use these commands:
- cd change directory (on the server)
- lcd change local directory (when sending a file, the path of the specified file will be the path you specify on lcd)
- dir, ls directory listing
- binary change mode to binary transfer
- get retrieve a file
- mget retrieve many files
- put send a file
- mput send many files
- pwd print working directory on the server
- mkdir make a new directory
- rmdir remove a directory
- ascii set the mode of file transfer to ASCII
- quit exit FTP environment
To find FTP exploits, try searching the following websites (or join the BugTraq mailing list at www.securityfocus.com):
- CERT (Computer Emergency Response Team) - http://cert.org
- X-Force Search (simplest) - http://www.iss.net/cgi-bin/xforce/xforce_index.pl
- Packet Storm - packetstorm.genocide2600.com
- Fyodor's Exploit World - http://www.insecure.org/sploits.html
- Spikeman's Denial Of Service Website (for DoS attacks against FTP servers) - http://www.genocide2600.com/~spikeman/
- RootShell - http://www.rootshell.com
- Slashdot - http://www.slashdot.org
