Author Topic: FTP scan -stats-  (Read 5284 times)

0 Members and 1 Guest are viewing this topic.

Offline neusbeer

  • Knight
  • **
  • Posts: 223
  • Cookies: 11
  • Beer makes you stronger XD
    • View Profile
    • http://www.facebook.nl/hackneus
FTP scan -stats-
« on: January 19, 2012, 11:16:52 pm »
FTP scan -STATS-

For those who is interested in my stats
and findings after a nice big scan of FTP

I scanned in groups of 50000 Dutch IPs with NMap.
I used -T5 to speed up the things so he can missed some
ftp servers with slow response.

scan command/the script I used
Code: [Select]
#!/bin/bash
# $1 : infile (without .txt) output is infile + _p21.gnmap/nmap/xml
sudo nmap -v -iL "$1".txt -Pn -T5 -sV --version-all -n -p 21 -oA ~/workingdir/output/p21/"$1"_p21 --script=ftp-anon,banner,ftp-proftpd-backdoor,ftp-vsftpd-backdoor --open -sS

I scanned for this 105 ip lists of 5000 gives me a total op 5.250.000 IP's
(still busy, 45 to go)

Not 1 time I got a hit from the 2 scripts of nmap which checks for a backdoored FTP version

so
num ip's                          : 5.250.000 (list)
uniq IP's w/o port 21      :    41.412 (list)
   Top 5 ip groups (list)
     6963  145.216
     3442  145.217
     1642    83.162
     1194  212.204
       996    86.109
backdoored                    : 0
Found Service Info         : 142 *not much(-T5 is fastscan with not enough waiting time)
   Top 5   
      85 Service Info: OS: Unix
      27 Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
        4 Service Info: Device: firewall
        3 Service Info: Device: broadband router
        2 Service Info: OS: VxWorks; CPE: cpe:/o:windriver:vxworks
     
FTP anonymous access      : 1765* succesfully logins with user:anonymous pass:anon@
     
also the scan did a banner grab (short one because of the T5 option of NMap)
Banner grabbed            : 20457 (almost 50% of the open ports found) (link)
   Return codes top 3
    20190 220
          62 530
          46 550
     
   ProFTPD                      :  5308 (1/4 of all the banners)
   Top 5 versions
      621 ProFTPD 1.3.1 Server
      368 ProFTPD 1.3.3c Server
      355 ProFTPD 1.3.2e Server
      240 ProFTPD 1.3.3e Server
      141 ProFTPD 1.3.3a Server
   vsFTPD                        : 1653
   Top 5 versions
     907 (vsFTPd 2.0.5)
     205 (vsFTPd 2.0.7)
     122 (vsFTPd 2.3.2)
     119 (vsFTPd 2.2.2)
       68 (vsFTPd 2.0.1)
   FileZilla                      :  710
   Top 5 versions
     168 FileZilla Server version 0.9.37 beta
     142 FileZilla Server version 0.9.39 beta
       83 FileZilla Server version 0.9.40 beta
       72 FileZilla Server version 0.9.34 beta
       41 FileZilla Server version 0.9.33 beta
   VxWorks                  :  99
   Top 5 versions
      69 VxWorks (VxWorks5.4.2) FTP server ready
      17 Tornado-vxWorks (VxWorks5.4.2) FTP server ready
        9 VxWorks (5.4.2) FTP server ready
        2 VxWorks (VxWorks5.5.1) FTP server ready
        1 VxWorks FTP server (VxWorks 5.4.2) ready.
   NASFTP               : 359
     Turbo                : 350
        277 Turbo station 2.x 1.3.2e Server
          73 Turbo station 2.x 1.3.1rc2 Server
      3.x Server                 :   9
   Serv-U                  : 139
   Top 5 versions
        29   v6.4
        16   v6.0
        14 v11.1
        11   v6.2
          8   v6.3
     
   FTP Server ready.      : 2469


some other statics
   NAS found                    :  615
   Microsoft FTP Service   : 1805
   FritzBox            :   86
   'welcome' in banner      : 3116
   'ready' in banner              :   8792
   service not available        :   33
   Cisco                                :   23
   P2612HW                         :   62 *ZyXEL Router
   camera's                          :   47 *39 AXIS
   DreamBox                        :   197
   Moxa FTP                          :   13
   DSL Router                       :   30
   DiskStation                      :   255
   Check Point Firewall:       :      119
   TCAdmin                          :   40
   Winsock ready...              :   93
   Gene6                              :   54
   spftp                                :   38
   ucftpd                               :   20
   FTP-Uploadserver             :   61
   WAR-FTPD                        :    7
   BulletProof   FTP               :   27
   Titan FTP                          :   14
   zFTPServer                       :   20
   Cerberus                          :   22
   Rumpus                           :   37
   JD FTP                             :   33
   Card AOS                        :   68
   pd-admin                        :    6
   Welcome to
      the CS network              :   25  ? so many
   Netwerkschijf                 :   7 *dutch for "disk drive"
   Inactivity timer text                 :   72
   Connection refused,
      unknown IP address           :   59
   IP in banner                   : 3859
   
   
Why I make stats?
can be handy with pentesting!
For example knowning that the word 'welcome' isn't often used (+/- 25%)
and 'ready' not reaching 50% that a scanner based on return strings
isn't the best idea.
Or if you see the versions of the mainly used ftp servers don't have the latest
version. 1.3.1. for ProFTPD and 2.0.5 for vsFTPd. and googling around brings
a lot of exploits based on this versions.
Serv-U 6.4 is most used, and a lot of exploits are on the net.
(Dir traversal, BoF's, Auth. bypass).

« Last Edit: January 19, 2012, 11:20:19 pm by neusbeer »
--Neusbeer

Offline Zer0Flag

  • Serf
  • *
  • Posts: 20
  • Cookies: 5
    • View Profile
Re: FTP scan -stats-
« Reply #1 on: January 21, 2012, 11:45:52 am »
I guess you used some box to scan that ? And how long did it take ?

~Zer0

Offline neusbeer

  • Knight
  • **
  • Posts: 223
  • Cookies: 11
  • Beer makes you stronger XD
    • View Profile
    • http://www.facebook.nl/hackneus
Re: FTP scan -stats-
« Reply #2 on: January 21, 2012, 01:06:12 pm »
I scanned with a laptop,
dual core, 1gig mem
ubuntu 10.04
nmap version 5.61TEST3


I scanned off and on when I laptop wasn't in use for other things.


454769,25 seconds / 126,32 hour
--Neusbeer