In this post on how to hack anonymous ftp server, we are going to see an old but still gold way of accessing private resources on ftp servers without requiring any authentication.

Anonymous access is a well known vulnerability in ftp servers. It allows anybody to log in to the ftp server by using anonymous as the username and password both. Once the user successfully logs in to the ftp server, he can access all the resources including backup files, password file and other files containing sensitive data.

To exploit this vulnerabiltiy, we first need to the ftp servers which are vulnerable to anonymous access vulnerability. Shodan is the best place to find such stuff. If you are not aware, shodan is a search engine which uses banner grabbing to find publically available websites and services which are vulnerable to certain type of security vulnerabilites.

To use shodan, visit www.shodan.io and use the search bar to find vulnerable softwares. The search bar is pretty much similar to google and you can use it the same way. For our purpose, enter the query string ftp anonymous ok in search bar and press enter.

When you press the enter, the search will return a lot of results as shown. We can use any one of them.

Now that we know the ip address of vulnerable ftp server, we can simply visit the ip from our browser using ftp protocol. For eg: we can visit ftp://128.127.144.4/ and it will show us all the files available on this particular ftp server.

As you can see,  we are able to access the resources on this server without any authentication. This is because the server allows anonymous access. When we visit the IP address using our browser, the browser automaticaly submits the credentials for anonymous access. This is why we do not need to submit any username or password to access it

That’s it for this post. I hope you like it. Please share your feedback in comments section.


Note: Use Virtual Machine and scan on VirusTotal before downloading any program on Host Machine for your privacy.