We have already talked about SSH connection in Python. It’s time to talk about FTP [File Transfer Protocol] connection using Python.
FTP is file transfer protocol working on port 21. It is used for transferring files from Client to Server. It is a widely used service. In python, we have only one library for FTP in python that makes all connections for us. The library is ftplib.
In this article we will be seeing ways through which we can make FTP connections and interact with the FTP server using python.
Before diving into the code, I installed an ftp server in my kali OS, below are the commands:
apt-get install vsftpd
Open file in any text editor to enable anonymous login
gedit /etc/vsftpd.conf
change anonymous_enable=NO to anonymous_enable=YES
service vftpd start
**NOTE: This way you can set your own lab in which you can try all ftp your ftp scripts in python and work on exploit.
Let’s start with Anonymous login:
The Anonymous FTP login is a general login. It gives limited access to you over the ftp server. Anonymously logged in users are not usually allowed to upload file. Depending on the configuration, certain directories are only allowed and user is only allowed to retrieve the file from the server [The allowed ones]. The python script that I have written below will check the target for anonymous FTP login and return True if the login is allowed. The passwords for anonymous can be blank, email of the user or the keyword anonymous itself.
Explanation:
import ftplib to use FTP in Python.
def anoncheck(ip): function that checks for the anonymous login and return True if the anonymous login is allowed. Takes the ip as the parameter which contains the target address.
ftp=ftblib.FTP(ip): ftp object to make all FTP connections.
ftp.login(‘anonymous’,’anonymous’): Checks the login with user anonymous and password anonymous.
if len(sys.argv) <2: Checks the length of commandline arguments that are passed. If it is less than 2 than it exits the problem displaying the usage, otherwise runs the function def anoncheck(ip).
Code:
#!/usr/bin/python import ftplib import sys def anoncheck(ip): try: ftp=ftplib.FTP(ip) ftp.login('anonymous','anonymous') print('\n[+] '+str(ip)+' : Anonymous login Successful') ftp.quit() return True except Exception as e: print("\n[-] Failed login.\n"+str(e)) return False if len(sys.argv) < 2: print("Not enough arguments \n Usage: ftpcon.py hostname\n") exit() else: ip=sys.argv[1] anoncheck(ip)
OUTPUT: