This one is very simple......

1. Every FTP Server running in the target gets the same result when we
perform vulnerability assessment.

  This means that when an FTP (a plain-text protocol) transaction is done,
intruders can sniff it / hijack sessions. So, we need to use a secure protocol
for the same functionality.

2. FTP Server is running. It means an intruder can get the fingerprint
(banner) of the software running.
  By knowing so, the intruder can search for available exploits and get
control.

  So, solution would be to customize the response given by the FTP Server.

Ex:  c:\> telnet 192.168.100.1 21

The above command gives u the fingerprint of the server.

Both of the above are minimal security issues.  Further, you can raise 1 post
for each vulnerability verification, which makes for clearer understanding.


Cheers,
0xN41K

On Sat, Jul 3, 2010 at 9:10 PM, Old Chick <[email protected]> wrote:

> Hello N41K
>
> Hi and thanks for the quick response on the discussion
> I only require and I want to know how to use the protocol/application
> and how to exploit it
>
> As u asked the nessus exploit
>
> 1.
>
> Synopsis:
> The remote FTP server allows credentials to be transmitted in clear
> text.
>
> Description:
> The remote FTP does not encrypt its data and control connections. The
> user name and password are transmitted in clear text and may be
> intercepted by a network sniffer, or a man-in-the-middle attack.
>
>
> 2.
>
> Synopsis:
> An FTP server is listening on this port.
>
> Description:
> It is possible to obtain the banner of the remote FTP server by
> connecting to the remote port.
>
> --
> You received this message because you are subscribed to the Google Groups
> "nforceit" group.
> To post to this group, send an email to [email protected].
> To unsubscribe from this group, send email to
> [email protected]<nforceit%[email protected]>
> .
> For more options, visit this group at
> http://groups.google.com/group/nforceit?hl=en-GB.
>
>

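The two findings discussed in this thread, written as a defender-side check (an added example, not part of the original emails): it parses a captured FTP greeting and FEAT reply and reports whether the banner still names a product or version and whether AUTH TLS is advertised. The sample replies, the product list and the finding names are constructed for illustration.

```python
import re

# Assumed, non-exhaustive list of product names that identify the server software.
KNOWN_PRODUCTS = ("vsftpd", "proftpd", "pure-ftpd", "filezilla", "microsoft ftp")
# Dotted numbers such as "9.9.9"; a dotted IP address in the greeting also matches.
VERSION_RE = re.compile(r"\b\d+\.\d+(?:\.\d+)*[a-z]?\b")


def parse_reply(raw):
    """Split a raw single- or multi-line FTP reply into (code, [text lines])."""
    lines = raw.replace("\r\n", "\n").strip("\n").split("\n")
    code = lines[0][:3]
    texts = []
    for line in lines:
        if line[:3] == code and line[3:4] in ("-", " "):
            texts.append(line[4:].strip())   # "220-text" or "220 text"
        else:
            texts.append(line.strip())       # indented FEAT body line
    return int(code), texts


def audit(greeting, feat_reply):
    """Return finding names (labels invented for this example) for the two issues."""
    findings = []
    code, texts = parse_reply(greeting)
    banner = " ".join(texts).lower()
    if code == 220 and (any(p in banner for p in KNOWN_PRODUCTS)
                        or VERSION_RE.search(banner)):
        findings.append("banner-discloses-software")
    feat_code, features = parse_reply(feat_reply)
    tls = any(f.upper().startswith("AUTH") and "TLS" in f.upper() for f in features)
    if feat_code != 211 or not tls:
        findings.append("no-auth-tls-advertised")
    return findings


# Constructed sample replies, not captured from a real server.
WEAK = ("220 ProFTPD 9.9.9 Server (constructed sample)\r\n",
        "211-Features:\r\n MDTM\r\n SIZE\r\n211 End\r\n")
HARDENED = ("220 FTP service ready.\r\n",
            "211-Features:\r\n AUTH TLS\r\n PBSZ\r\n PROT\r\n211 End\r\n")

if __name__ == "__main__":
    for name, (greeting, feat) in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(greeting, feat))
```

A server that advertises AUTH TLS may still accept cleartext logins, so a clean result here shows that encryption is offered, not that it is enforced.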