Anonymous FTP login checker script using Python: Hacking with Python Series

python

We have already talked about SSH connection in Python. It’s time to talk about FTP [File Transfer Protocol] connection using Python.

ftp using python

FTP is file transfer protocol working on port 21. It is used for transferring files from Client to Server. It is a widely used service. In python, we have only one library for FTP in python that makes all connections for us. The library is ftplib.

In this article we will be seeing ways through which we can make FTP connections and interact with the FTP server using python.

Before diving into the code, I installed an ftp server in my kali OS, below are the commands:

apt-get install vsftpd

Open file in any text editor to enable anonymous login

gedit /etc/vsftpd.conf

change anonymous_enable=NO to anonymous_enable=YES

service vftpd start

**NOTE: This way you can set your own lab in which you can try all ftp your ftp scripts in python and work on exploit.

Let’s start with Anonymous login:

The Anonymous FTP login is a general login. It gives limited access to you over the ftp server. Anonymously logged in users are not usually allowed to upload file. Depending on the configuration, certain directories are only allowed and user is only allowed to retrieve the file from the server [The allowed ones]. The python script that I have written below will check the target for anonymous FTP login and return True if the login is allowed. The passwords for anonymous can be blank, email of the user or the keyword anonymous itself.


Explanation:

import ftplib to use FTP in Python.

def anoncheck(ip): function that checks for the anonymous login and return True if the anonymous login is allowed. Takes the ip as the parameter which contains the target address.

ftp=ftblib.FTP(ip): ftp object to make all FTP connections.

ftp.login(‘anonymous’,’anonymous’): Checks the login with user anonymous and password anonymous.

if len(sys.argv) <2: Checks the length of commandline arguments that are passed. If it is less than 2 than it exits the problem displaying the usage, otherwise runs the function def anoncheck(ip).


Code: 

#!/usr/bin/python
import ftplib
import sys

def anoncheck(ip):
	try:
		ftp=ftplib.FTP(ip)
		ftp.login('anonymous','anonymous')
		print('\n[+] '+str(ip)+' : Anonymous login Successful')
		ftp.quit()
		return True
	except Exception as e:
		print("\n[-] Failed login.\n"+str(e))
		return False

if len(sys.argv) < 2:
	print("Not enough arguments \n Usage: ftpcon.py hostname\n")
	exit()
else:
	ip=sys.argv[1]
	anoncheck(ip)

OUTPUT:
ftp anonymous login script hacking with python


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.