subtitlecat.com

All language subtitles for 2. FTP Anonymous Login

Afrikaans

Akan

Albanian

Amharic

Arabic Download

Armenian

Azerbaijani

Basque

Belarusian

Bemba

Bengali

Bihari

Bosnian

Breton

Bulgarian

Cambodian

Catalan

Cebuano

Cherokee

Chichewa

Chinese (Simplified)

Chinese (Traditional)

Corsican

Croatian

Czech

Danish

Dutch

English

Esperanto

Estonian

Ewe

Faroese

Filipino

Finnish

French

Frisian

Galician

Georgian

German

Greek

Guarani

Gujarati

Haitian Creole

Hausa

Hawaiian

Hebrew

Hindi

Hmong

Hungarian

Icelandic

Igbo

Indonesian

Interlingua

Irish

Italian

Japanese

Javanese

Kannada

Kazakh

Kinyarwanda

Kirundi

Kongo

Korean

Krio (Sierra Leone)

Kurdish

Kurdish (Soranî)

Kyrgyz

Laothian

Latin

Latvian

Lingala

Lithuanian

Lozi

Luganda

Luo

Luxembourgish

Macedonian

Malagasy

Malay

Malayalam

Maltese

Maori

Marathi

Mauritian Creole

Moldavian

Mongolian

Myanmar (Burmese)

Montenegrin

Nepali

Nigerian Pidgin

Northern Sotho

Norwegian

Norwegian (Nynorsk)

Occitan

Oriya

Oromo

Pashto

Persian

Polish

Portuguese (Brazil)

Portuguese (Portugal)

Punjabi

Quechua

Romanian

Romansh

Runyakitara

Russian

Samoan

Scots Gaelic

Serbian

Serbo-Croatian

Sesotho

Setswana

Seychellois Creole

Shona

Sindhi

Sinhalese

Slovak

Slovenian

Somali

Spanish

Spanish (Latin American)

Sundanese

Swahili

Swedish

Tajik

Tamil

Tatar

Telugu

Thai

Tigrinya

Tonga

Tshiluba

Tumbuka

Turkish

Turkmen

Twi

Uighur

Ukrainian

Urdu

Uzbek

Vietnamese

Welsh

Wolof

Xhosa

Yiddish

Yoruba

Zulu

Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,000 --> 00:00:03,353 2 00:00:03,353 --> 00:00:06,706 [LOGO AUDIO] 3 00:00:06,706 --> 00:00:10,070 4 00:00:10,070 --> 00:00:13,100 Now that we've got an idea how FTP works, 5 00:00:13,100 --> 00:00:16,970 let's look at some default configurations that we normally 6 00:00:16,970 --> 00:00:19,340 take advantage of. 7 00:00:19,340 --> 00:00:22,565 And it's easy, low-hanging fruit. 8 00:00:22,565 --> 00:00:27,700 9 00:00:27,700 --> 00:00:32,409 We're RVM, let's check our IP address with an IPA. 10 00:00:32,409 --> 00:00:37,750 Our address is 192.13.191.2, so our victim 11 00:00:37,750 --> 00:00:40,900 is going to be the .3. 12 00:00:40,900 --> 00:00:43,570 We'll make sure that it's up with a ping. 13 00:00:43,570 --> 00:00:50,330 Ping 192.13.191.3. 14 00:00:50,330 --> 00:00:53,450 We're getting good replies, so it is up. 15 00:00:53,450 --> 00:00:54,350 Let's scan it. 16 00:00:54,350 --> 00:00:57,410 17 00:00:57,410 --> 00:01:00,110 And we've got port 21 open. 18 00:01:00,110 --> 00:01:05,030 We can add in a port 21 services can. 19 00:01:05,030 --> 00:01:09,270 20 00:01:09,270 --> 00:01:13,950 And it's VSFTPD, which doesn't much matter. 21 00:01:13,950 --> 00:01:16,630 The last one was ProFTPD. 22 00:01:16,630 --> 00:01:22,710 And we'll get into what all these versions mean later. 23 00:01:22,710 --> 00:01:26,700 But for now we just know that it's running that software. 24 00:01:26,700 --> 00:01:34,580 What we really want to find out is if there's 25 00:01:34,580 --> 00:01:36,020 a vulnerability in this one. 26 00:01:36,020 --> 00:01:43,220 And FTP ANON is fairly common, anonymous login. 27 00:01:43,220 --> 00:01:47,520 We tried looking for it in the last one. 28 00:01:47,520 --> 00:01:48,510 So look here. 29 00:01:48,510 --> 00:01:54,610 And it says anonymous FTP Login is allowed. 30 00:01:54,610 --> 00:01:58,600 And it even says that they have Read access 31 00:01:58,600 --> 00:02:02,860 and some Execute access to this pub. 32 00:02:02,860 --> 00:02:04,055 So then let's check it out. 33 00:02:04,055 --> 00:02:04,555 FTP. 34 00:02:04,555 --> 00:02:07,450 35 00:02:07,450 --> 00:02:10,150 The IP address .3. 36 00:02:10,150 --> 00:02:14,110 And how you get in is anonymous. 37 00:02:14,110 --> 00:02:17,530 And then hit Enter when it asks for the password. 38 00:02:17,530 --> 00:02:21,490 And it says login successful. 39 00:02:21,490 --> 00:02:23,920 We can run an LS. 40 00:02:23,920 --> 00:02:27,790 And this script that we ran before, all it did 41 00:02:27,790 --> 00:02:33,790 was log in, try anonymous, and then run an LS 42 00:02:33,790 --> 00:02:36,130 and see what happened. 43 00:02:36,130 --> 00:02:37,130 Report back. 44 00:02:37,130 --> 00:02:42,000 So now we've done all those things ourselves. 45 00:02:42,000 --> 00:02:45,350 Anonymous login works. 46 00:02:45,350 --> 00:02:46,925 We could GET flag. 47 00:02:46,925 --> 00:02:50,070 48 00:02:50,070 --> 00:02:54,094 It sent it across. 49 00:02:54,094 --> 00:02:57,620 Say bye to FTP. 50 00:02:57,620 --> 00:02:58,500 CAT the flag. 51 00:02:58,500 --> 00:03:01,360 52 00:03:01,360 --> 00:03:01,960 And it worked. 53 00:03:01,960 --> 00:03:04,925 54 00:03:04,925 --> 00:03:06,550 That's really all there is to that one. 55 00:03:06,550 --> 00:03:11,710 56 00:03:11,710 --> 00:03:17,290 Anonymous FTP login is an old thing 57 00:03:17,290 --> 00:03:20,110 because it used to be, hey, if they couldn't 58 00:03:20,110 --> 00:03:22,030 get into our network, then it doesn't 59 00:03:22,030 --> 00:03:25,930 matter if we've got passwords on these shares, 60 00:03:25,930 --> 00:03:29,350 or passwords on our FTP, because we've got a firewall. 61 00:03:29,350 --> 00:03:30,880 And we've got routers. 62 00:03:30,880 --> 00:03:33,310 And we'll catch them before they get in. 63 00:03:33,310 --> 00:03:38,020 Well what if they get in and you don't have segmentation, 64 00:03:38,020 --> 00:03:41,010 and you don't have proper configurations on all 65 00:03:41,010 --> 00:03:44,030 of your servers? 66 00:03:44,030 --> 00:03:45,524 This happens. 67 00:03:45,524 --> 00:03:46,024 4159