https://github.com/waived/ftp-spreader

Scans internet for FTP servers allowing anonymous logins (non-credentialed authentication) and then uploads a malicious payload of the user's choice.
https://github.com/waived/ftp-spreader

file-injection file-injector ftp ftp-servers payload-injector spreader

Last synced: 2 days ago
JSON representation

Scans internet for FTP servers allowing anonymous logins (non-credentialed authentication) and then uploads a malicious payload of the user's choice.

• Host: GitHub
• URL: https://github.com/waived/ftp-spreader
• Owner: waived
• Created: 2024-10-03T20:12:52.000Z (3 months ago)
• Default Branch: main
• Last Pushed: 2024-10-16T20:03:38.000Z (3 months ago)
• Last Synced: 2024-11-08T14:26:31.618Z (about 2 months ago)
• Topics: file-injection, file-injector, ftp, ftp-servers, payload-injector, spreader
• Language: Python
• Homepage:
• Size: 3.91 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.txt

Awesome Lists containing this project

README

        
Purpose:

    this script generates random IPv4 addresses. After an address is generated,

    the SYN packet is sent to the address on port 21 (standard FTP port). If a

    SYN/ACK packet is received, then 21 is confirmed open.

    If an open FTP service is running on the endpoint, the script will then

    attempt to establish a session via 'anonymous login' or a non-credentialed

    login. If the server (and believe it or not, there are more than a few) allows

    anonymous logins, the script will finally upload the user-specified payload

    to the server.

Technique:

    When dropping backdoors, shells, bots, etc, it is beneficial to give the payload

    a convincing naming convention, ex: 'payload_money_generator.exe' or 'porn.elf.'

    Of course, choosing payloads that are closed-source (compiled) are going to be

    your best bet since obviously no one can edit and figure out the intent behind

    the file.

Responsibility:

    This script is a proof-of-concept and should be modified only to probe IP/s

    and/or IP range/s that the end-user has explicit permission to scan.

    By modifying, copying, re-distributing, and executing this script, you are

    hereby baring full legal and ethical responsibility for actions intened and

    unintended that arises from use of this script.

Known bugs:

    In order to send SYN probes, the Scapy library is used. The downside is that

    when sending the  SIGINT signal that is used to abort operating, it

    sometimes becomes ignored and spamming  a few consecutive times will

    do the trick to end the script.

    Although this is unprofessional, I've spent quite some time trying to

    mitigate this issue, but to no avail I'm still working out this ongoing bug.

    If anyone beat me to a solutionn, please reach out.

Enjoy!