Skip to content

Ftp anonymous#21422

Open
g0tmi1k wants to merge 5 commits intorapid7:masterfrom
g0tmi1k:ftp_anonymous
Open

Ftp anonymous#21422
g0tmi1k wants to merge 5 commits intorapid7:masterfrom
g0tmi1k:ftp_anonymous

Conversation

@g0tmi1k
Copy link
Copy Markdown
Contributor

@g0tmi1k g0tmi1k commented May 7, 2026
edited
Loading

First up: Sorry for the amount of work!

Follow on from: #21415

This PR fixes:

  • @banner_version -> banner_version (So the banner output works again)
  • As we are logged in, able to finger print the host more (via FTP cmds: STAT, SYST, and FEAT)
  • Removed a case when duplicate IP:PORT is shown (Connection refused).

Before

$ git branch; git status;
* master
On branch master
Your branch is up to date with 'origin/master'.

nothing to commit, working tree clean
$
$ ./msfconsole -q -x 'db_status; workspace -D;
setg VERBOSE true; setg RHOSTS 10.0.0.10; setg LHOST tap0; use ftp_anonymous; run'
[*] Connected to msf. Connection type: postgresql.
[*] Deleted workspace: default
[*] Recreated the default workspace
VERBOSE => true
RHOSTS => 10.0.0.10
LHOST => tap0

Matching Modules
================

   #  Name                                 Disclosure Date  Rank    Check  Description
   -  ----                                 ---------------  ----    -----  -----------
   0  auxiliary/scanner/ftp/ftp_anonymous  .                normal  No     Anonymous FTP Access Detection


Interact with a module by name or index. For example info 0, use 0 or use auxiliary/scanner/ftp/ftp_anonymous

[*] Using auxiliary/scanner/ftp/ftp_anonymous
[*] 10.0.0.10:21          - Testing write access, creating test directory: DIMDJJSY
[+] 10.0.0.10:21          - Anonymous Read-only access ()
[*] 10.0.0.10:21          - Listing directory contents
[*] 10.0.0.10:21          - Directory listing: (empty)
[*] 10.0.0.10:21          - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ftp/ftp_anonymous) >

After

$ git checkout ftp_anonymous; git status
Switched to branch 'ftp_anonymous'
Your branch is up to date with 'origin/ftp_anonymous'.
On branch ftp_anonymous
Your branch is up to date with 'origin/ftp_anonymous'.

nothing to commit, working tree clean
$
$ $ ./msfconsole -q -x 'db_status; workspace -D;
setg VERBOSE true; setg RHOSTS 10.0.0.10; setg LHOST tap0; use ftp_anonymous; run'
[*] Connected to msf. Connection type: postgresql.
[*] Deleted workspace: default
[*] Recreated the default workspace
VERBOSE => true
RHOSTS => 10.0.0.10
LHOST => tap0

Matching Modules
================

   #  Name                                 Disclosure Date  Rank    Check  Description
   -  ----                                 ---------------  ----    -----  -----------
   0  auxiliary/scanner/ftp/ftp_anonymous  .                normal  No     Anonymous FTP Access Detection


Interact with a module by name or index. For example info 0, use 0 or use auxiliary/scanner/ftp/ftp_anonymous

[*] Using auxiliary/scanner/ftp/ftp_anonymous
[*] 10.0.0.10:21          - Testing write access, creating test directory: TETlApld
[+] 10.0.0.10:21          - Anonymous Read-only access (vsFTPd 2.3.4)
[*] 10.0.0.10:21          - Listing directory contents
[*] 10.0.0.10:21          - Directory listing: (empty)
[*] 10.0.0.10:21          - Fingerprinting FTP service
[*] 10.0.0.10:21          - Sending FEAT
[*] 10.0.0.10:21          - FEAT: 211-Features:
 EPRT
 EPSV
 MDTM
 PASV
 REST STREAM
 SIZE
 TVFS
 UTF8
211 End
[*] 10.0.0.10:21          - Sending STAT
[*] 10.0.0.10:21          - STAT: 211-FTP server status:
     Connected to 10.0.0.1
     Logged in as ftp
     TYPE: ASCII
     No session bandwidth limit
     Session timeout in seconds is 300
     Control connection is plain text
     Data connections will be plain text
     vsFTPd 2.3.4 - secure, fast, stable
211 End of status
[*] 10.0.0.10:21          - Sending SYST
[*] 10.0.0.10:21          - SYST: 215 UNIX Type: L8
[*] 10.0.0.10:21          - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ftp/ftp_anonymous) > workspace -v

Workspaces
==========

current  name     hosts  services  vulns  creds  loots  notes
-------  ----     -----  --------  -----  -----  -----  -----
*        default  1      2         1      1      0      4

msf auxiliary(scanner/ftp/ftp_anonymous) > notes

Notes
=====

 Time                     Host       Service  Port  Protocol  Type        Data
 ----                     ----       -------  ----  --------  ----        ----
 2026-05-07 12:27:54 UTC  10.0.0.10  ftp      21    tcp       ftp.banner  {:banner=>"220 (vsFTPd 2.3.4)"}
 2026-05-07 12:27:54 UTC  10.0.0.10  ftp      21    tcp       ftp.feat    {:username=>"anonymous", :output=>"211-Features:\r\n EPRT\r\n EPSV\r\n MDTM\r\n PASV\r\n REST STREAM\r\n SIZE\r\n TVFS\r\n UTF8\r\n2
                                                                          11 End"}
 2026-05-07 12:27:54 UTC  10.0.0.10  ftp      21    tcp       ftp.stat.   {:username=>"anonymous", :output=>"211-FTP server status:\r\n     Connected to 10.0.0.1\r\n     Logged in as ftp\r\n     TYPE: ASCII
                                                                          \r\n     No session bandwidth limit\r\n     Session timeout in seconds is 300\r\n     Control connection is plain text\r\n     Data
                                                                          connections will be plain text\r\n     vsFTPd 2.3.4 - secure, fast, stable\r\n211 End of status"}
 2026-05-07 12:27:54 UTC  10.0.0.10  ftp      21    tcp       ftp.syst    {:username=>"anonymous", :output=>"215 UNIX Type: L8"}

msf auxiliary(scanner/ftp/ftp_anonymous) >

@g0tmi1k g0tmi1k force-pushed the ftp_anonymous branch 4 times, most recently from ed644fb to 8ff5bb8 Compare May 7, 2026 14:39
@g0tmi1k g0tmi1k force-pushed the ftp_anonymous branch 2 times, most recently from eb697ba to 3502a74 Compare May 8, 2026 02:46
@g0tmi1k g0tmi1k mentioned this pull request May 8, 2026
Merged
@g0tmi1k
Copy link
Copy Markdown
Contributor Author

g0tmi1k commented May 8, 2026

#21379

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

Metasploit Kanban
Status: Todo

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@g0tmi1k @smcintyre-r7