File Transfer Protocol:
File Transfer Protocol (FTP) is a commonly used protocol for transferring files over the Internet. It was first introduced in the 1970s and has since become one of the most widely used methods for transferring files.
Despite being an older protocol FTP is still widely used, with an estimated 3,200,000 public IP addresses still using FTP on Port 21 for file transfers Common Port number used for FTP is Port 21,
Port 21 is used for FTP control traffic, which includes login credentials and other commands related to the management of file transfer.
Port 20 is used for Data Transfers
Man in the Middle (MITM) attack:
FTP transfers data in plaintext, it is vulnerable to MITM attacks, where an attacker intercepts the communication between the client and server and can tamper with the data being transferred.
Remote code Execution:
When FTP servers are poorly configured or have outdated software, they can be vulnerable to RCE attack. Attacker can execute malicious code on the server, potentially taking control of the system
Attacker sends a large amount of data to the server, causing it to crash or allowing the attacker to take control of the system
Directory Traversal :
Attacker Manipulates file paths to access sensitive files and directories that they should not have access to.
Brute Force attack :
Trying multiple username and password combinations in an attempt to guess the correct credentials.
Ettercap is a technique where an attacker sends false ARP messages to a network, mapping their Own MAC address to the IP address of another device on the network. This allows the attacker to intercept and modify the communication between the client and server.
Wireshark is a network protocol analyzer tool that can be used to capture and analyse network traffic. You can use wireshark to monitor the networking traffic during the MITM attack and see the data being intercepted and modified.
Man In The Middle Attack on FTP:
Step 1 : Set up the virtual lab environment by configuring the Windows server as the FTP server and The Ubuntu as the FTP client
Step 2 : Start Ettercap on the kali Linux virtual machine to map its MAC address to the IP address of the FTP server. This will cause the client to send all FTP traffic to the attacker instead of the server.
Step 3 : Start Wireshark on the Kali Linux virtual machine to capture and analyze the network traffic.
Step 4 : initiate an FTP connection from the Ubuntu client to the Windows server
Step 5: Observe the network traffic with Wireshark and see the intercepted data.
Here we are able to see,
User name : NEW_USER
Password : old_member
For more about the lab environment visit the link below,
Using Secure Protocols:
Switching from FTP to secure file transfer protocols, such as SFTP (Secure File Transfer Protocol) or FTPS (FTP over SSL) or FTP over TLS , can help prevent eavesdropping and tampering of data in transit. These protocols encrypt all data transfers and provide a secure channel for communication.
Implementing Proper Access Control and Authentication:
Ensure that access control is implemented for FTP servers, with users only having access to the data they need. Strong authentication, such as using unique usernames and passwords, or using public-key authentication, can help prevent unauthorized access.
Monitoring Network Traffic:
Monitoring network traffic for unusual activity, such as large amounts of data transfers or unexpected connections, can help detect a potential attack and take action.
Regular Software Updates:
Regularly updating FTP software, including the operating system, can help prevent exploits of known vulnerabilities.
Implementing a firewall to control incoming and outgoing traffic can help protect against unauthorized access.
By implementing these mitigation techniques, you can reduce the risk of FTP vulnerabilities and improve the security of your file transfers