Il est possible d’utiliser un tools tel que hydra afin de brut force l’accès ftp, cela est du a une mauvaise politique de mots de passe étant donné que le mot de passe est le même que le nom du user (vagrant:vagrant).
Afin de prévenir ces attaques il faut avoir une bonne politique de mots de passe.
msf6 exploit(unix/ftp/vsftpd_234_backdoor) > use auxiliary/scanner/ftp/ftp_version
msf6 auxiliary(scanner/ftp/ftp_version) > show options
Module options (auxiliary/scanner/ftp/ftp_version):
Name Current Setting Required Description
---- --------------- -------- -----------
FTPPASS [email protected] no The password for the specified username
FTPUSER anonymous no The username to authenticate as
RHOSTS yes The target host(s), see <https://github.com/rapid7/metasploit-frame>
work/wiki/Using-Metasploit
RPORT 21 yes The target port (TCP)
THREADS 1 yes The number of concurrent threads (max one per host)
View the full module info with the info, or info -d command.
msf6 auxiliary(scanner/ftp/ftp_version) > set RHOSTS 192.168.56.4
RHOSTS => 192.168.56.4
msf6 auxiliary(scanner/ftp/ftp_version) > run
[+] 192.168.56.4:21 - FTP Banner: '220 ProFTPD 1.3.5 Server (ProFTPD Default Installation) [192.168.56.4]\\x0d\\x0a'
[*] 192.168.56.4:21 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
┌──(kali㉿kali)-[~]
└─$ searchsploit ProFTPD | grep 1.3.5
ProFTPd 1.3.5 - 'mod_copy' Command Execution (Metasploit | linux/remote/37262.rb
ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution | linux/remote/36803.py
ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution (2) | linux/remote/49908.py
ProFTPd 1.3.5 - File Copy | linux/remote/36742.txt