Penetration Testing Lab

The document outlines a lab focused on internal penetration testing and security hardening of FTP servers, detailing objectives and procedures for network scanning, brute force attacks, and SSL certificate setup. It involves using Ubuntu machines as FTP client and server, with a Kali Linux machine acting as a Man-in-the-Middle attacker. Key steps include configuring vsftpd, performing network scans, implementing security measures like iptables rules, and using SSL to secure communications.

Uploaded by techeads.lb

Computer and Communication Engineering
Course: Unix Administration
Code: 020ADUES3

Internal Penetration Testing and Security Hardening of FTP Servers

Lab Objectives:
The objective of this lab is to practise the mechanisms involved in FTP installation and
configuration, enumeration and attack, and system hardening. It is made up of four parts,
detailed below:
1- Network scanning.
2- Sniffing and brute-force attack.
3- SSL/TLS certificate setup.
4- Applying an iptables chain rule that limits the number of login attempts.

In this lab we will use two tools for network analysis and penetration testing:
- Wireshark is a network protocol analyzer that captures and displays the packets travelling
across a network in real time.
- Metasploit is an open-source penetration testing framework; this lab uses its auxiliary FTP
scanner modules.

Part I: Setting up the Network:


This lab simulates an internal network attack, where a first Ubuntu machine (Ubuntu1) serves as
FTP Client, and a second Ubuntu machine (Ubuntu2) serves as FTP Server. Both machines
communicate through a Kali Linux Machine that performs a Man-in-the-Middle (MITM) attack
by routing and intercepting traffic.

✓ Ubuntu1 Linux (FTP Client)
- Role: the Ubuntu1 machine acts as the FTP client. It uses the FileZilla software to send and
receive files from the FTP server using the FTP protocol. All network packets are routed
through Kali to the FTP server.

✓ Kali Linux (MITM Attacker/ Router)


- Role: Kali acts as a Man-in-the-Middle (MITM) and as a router. It receives traffic from the
FTP client on eth1 and forwards it to the FTP server on eth2. It also serves as the gateway
that connects all machines to the Internet through the eth0 interface, and it monitors,
manipulates and analyzes FTP packets (e.g. with Wireshark and Metasploit).

✓ Ubuntu2 Linux (FTP-Server)


- Role: the Ubuntu2 machine acts as the FTP server. It runs the vsftpd service and
communicates only with the Kali machine.
Part II: Installation and Configuration of vsftpd on Ubuntu2

As you know, the File Transfer Protocol (FTP) transfers files between a client and a server
over a network. The control connection, on which commands and credentials travel, uses
TCP port 21; file data goes over a separate data connection (port 20 in active mode, or a
negotiated high port in passive mode).

✓ Install the vsftpd package from the Ubuntu repositories by executing the following commands
as a user with sudo privileges:
sudo apt update
sudo apt install -y vsftpd

✓ After installing vsftpd, configure it by editing the main configuration file,
/etc/vsftpd.conf, as follows:
1. Open a terminal and run sudo nano /etc/vsftpd.conf.
2. Inside the file, make sure the following options are set. vsftpd accepts only bare
key=value lines: a trailing comment on an option line (for example
anonymous_enable=YES #enable anonymous) makes the service fail to start with a
"bad bool value" error, so keep comments on their own lines:

# enable anonymous login (kept on deliberately; Part III Step 2 finds and removes it)
anonymous_enable=YES
# allow system users to log in
local_enable=YES
# permit uploads
write_enable=YES
# optionally customise the greeting shown to clients, e.g. ftpd_banner=<welcome message>

3. Save the file and restart the service using


sudo systemctl restart vsftpd
4. To make sure vsftpd starts automatically at boot, run
sudo systemctl enable vsftpd
This completes the basic FTP server setup on Ubuntu; vsftpd is now listening on TCP port 21
(confirm with ss -ltnp | grep :21).

On the Ubuntu1 machine (FTP client), install the FileZilla package:
sudo apt install -y filezilla

Part III: Hack the Port – From Scanning to Securing FTP


✓ Step 1: FTP Scanning:
Scanning plays an important role in penetration testing: it tells the attacker which hosts,
open ports and services are reachable, and therefore what there is to enumerate and attack.
- From your Kali machine, open the terminal and execute the following command to check
whether the FTP server is up and running on the Ubuntu machine:
nmap -p 21 192.168.2.10
If the service is running on the target, nmap reports STATE open for port 21. Adding -sV
makes nmap read the service banner as well, which reveals the vsftpd version.

✓ Step 2: Anonymous Login


FTP users (the same accounts as the Ubuntu system users) authenticate with a clear-text
sign-in, normally a username and password, but can connect anonymously if the server is
configured to allow it.
If you allow anonymous login, anyone can log in to the server. An attacker can check for it
with the following Metasploit auxiliary module (a scanner, not an exploit, even though the
lab uses the exploit command to run it).
- On your Kali machine, start Metasploit with the msfconsole command and execute the
following:
use auxiliary/scanner/ftp/anonymous
set rhosts 192.168.2.10
exploit

In the output of the exploit command you can observe that the server grants the anonymous
user READ permission (the module reports READ/WRITE when anonymous uploads are allowed too).

If that is the case, you (as administrator) should not grant anonymous users any access.
Disable anonymous login in the configuration file and restart the service before retesting:
Open /etc/vsftpd.conf
Set anonymous_enable=NO
sudo systemctl restart vsftpd
Re-run the module: the anonymous READ line no longer appears.
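The anonymous-login check done by hand, as an added example that is not part of the lab handout: it speaks the FTP control protocol over bash's /dev/tcp and classifies the reply codes, which is what the Metasploit module does underneath. The host and port default to the lab's 192.168.2.10:21, the anonymous password is a placeholder, and the two transcripts at the end are constructed from what vsftpd typically replies, so the classifier can be exercised without a server.

```shell
#!/usr/bin/env bash
# Added example for this lab (not code from the handout): check for
# anonymous FTP login by speaking the control protocol directly.
# Assumed: bash with /dev/tcp support and the lab server at 192.168.2.10:21.

# Print the first login-outcome reply code (230/530/421) found in an FTP
# transcript on stdin. Reply lines look like "230 Login successful.";
# continuation lines of multi-line replies ("211-Features:", " UTF8")
# never match because the 4th character is not a space.
ftp_login_code() {
    awk '/^(230|530|421) / { print substr($0, 1, 3); exit }'
}

# Turn the transcript on stdin into a verdict on the login attempt.
classify_ftp_login() {
    case "$(ftp_login_code)" in
        230) echo ALLOWED ;;       # 230: user logged in
        530) echo DENIED ;;        # 530: login refused
        421) echo UNAVAILABLE ;;   # 421: service closing the connection
        *)   echo UNKNOWN ;;       # no login outcome in the transcript
    esac
}

# Live check: connect, send USER/PASS for the anonymous account, then QUIT
# and read everything the server sent until it closes the connection.
ftp_anon_check() {
    local host=${1:-192.168.2.10} port=${2:-21}
    exec 3<>"/dev/tcp/$host/$port" || return 2
    {
        sleep 1; printf 'USER anonymous\r\n'
        sleep 1; printf 'PASS lab@example.com\r\n'   # placeholder e-mail "password"
        sleep 1; printf 'QUIT\r\n'
    } >&3
    timeout 10 cat <&3 | classify_ftp_login
    exec 3>&-
}

# Constructed transcripts (not captured from a real server) for offline use.
transcript_anon_allowed() {
    printf '220 (vsFTPd 3.0.5)\r\n331 Please specify the password.\r\n230 Login successful.\r\n221 Goodbye.\r\n'
}
transcript_anon_denied() {
    printf '220 (vsFTPd 3.0.5)\r\n530 Permission denied.\r\n221 Goodbye.\r\n'
}

# Usage: ftp_anon_check 192.168.2.10 21
#        transcript_anon_allowed | classify_ftp_login
```

Run it before and after setting anonymous_enable=NO; the verdict moves from ALLOWED to DENIED, matching what the Metasploit module reports.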

✓ Step 3: FTP sniffing and Brute Force Attack


- An attacker with a sniffing tool can read the packets travelling between server and client,
extract the credentials they carry (this is sniffing) and then use them for unauthorized
access. FTP users (the same accounts as the Ubuntu system users) authenticate with a
clear-text sign-in: the username and password travel unencrypted.
- Open Wireshark on your Kali machine with the command wireshark and capture on the eth1 or
eth2 interface while connecting from FileZilla to your vsftpd server. Right-click a packet
of the session and choose Follow > TCP Stream, or apply the display filter
ftp.request.command == "USER" || ftp.request.command == "PASS". You will see the username
and password of the FTP authentication, because FTP on port 21 sends the credentials and the
data as plain text.
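The same extraction scripted with tshark (Wireshark's command-line twin), as an added example not taken from the lab: it filters USER and PASS requests out of a capture and pairs them per TCP stream, which matters when several clients log in during one capture. The capture path and the sample tshark output are assumptions; the sample is constructed, not a real capture.

```shell
#!/usr/bin/env bash
# Added example for this lab (not code from the handout): pull FTP
# credentials out of a capture with tshark and pair each PASS with the
# USER that preceded it on the same TCP stream.
# Assumed: tshark is installed on Kali; the pcap was taken on eth1/eth2.

# Run tshark in "fields" mode so every USER/PASS request becomes one
# tab-separated line: stream number, client IP, command, argument.
dump_ftp_requests() {
    tshark -r "$1" \
        -Y 'ftp.request.command == "USER" || ftp.request.command == "PASS"' \
        -T fields -e tcp.stream -e ip.src -e ftp.request.command -e ftp.request.arg
}

# Pair USER and PASS per stream (stdin: tshark field lines as above).
# A PASS with no preceding USER on its stream is ignored.
pair_ftp_creds() {
    awk -F'\t' '
        $3 == "USER" { user[$1] = $4; src[$1] = $2 }
        $3 == "PASS" && ($1 in user) {
            printf "stream=%s src=%s user=%s pass=%s\n", $1, src[$1], user[$1], $4
            delete user[$1]
        }'
}

# End-to-end: capture file -> credential list.
extract_ftp_creds() { dump_ftp_requests "$1" | pair_ftp_creds; }

# Constructed sample of tshark output (not a real capture): two logins
# plus a stray PASS with no USER on stream 2.
sample_tshark_output() {
    printf '0\t192.168.1.10\tUSER\talice\n'
    printf '0\t192.168.1.10\tPASS\tS3cret!\n'
    printf '1\t192.168.1.10\tUSER\tanonymous\n'
    printf '1\t192.168.1.10\tPASS\tlab@example.com\n'
    printf '2\t192.168.1.11\tPASS\torphan\n'
}

# Usage: sample_tshark_output | pair_ftp_creds
#        extract_ftp_creds /tmp/ftp.pcap
```

Capture first with tcpdump -i eth1 -w /tmp/ftp.pcap port 21, then feed the file to extract_ftp_creds; this is the offline counterpart of following the TCP stream in the Wireshark GUI.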

✓ Step 4: FTP Brute Force Attack


Another way to obtain credentials is a brute-force attack against the FTP server using
Metasploit. Open a terminal on your Kali machine, start msfconsole, and type the following
commands to brute-force FTP logins:

use auxiliary/scanner/ftp/ftp_login
set rhosts 192.168.2.10
set user_file /home/kali/Desktop/user.txt
set pass_file /home/kali/Desktop/pass.txt
set stop_on_success true
exploit

user.txt and pass.txt are word lists of common usernames and passwords (one per line) that
the module tries in turn; stop_on_success makes it stop at the first valid pair. Watch
/var/log/vsftpd.log on Ubuntu2 while this runs: every attempt leaves a FAIL LOGIN line with
the client address, which is the evidence a lockout policy acts on.

✓ Step 5: Limiting login attempts with iptables


Unix has no built-in FTP account lockout, but a comparable control can be built with the
iptables recent module: the administrator records every new connection to port 21 per
source address and drops further connections once a source exceeds a set number within a
time window. Note what this does and does not do: it throttles connections per source IP,
not failed logins per account, so a slow attacker, or one spread over many addresses, is
not stopped. vsftpd's own max_login_fails option (default 3) kills a session after that many
failed logins, and a log-driven tool such as fail2ban is the usual production answer.
You need in this step to set the following iptables chain rules. Both are inserted with -I,
so the rule added second ends up first in the chain: the --set rule records the connection,
then the --update rule drops the third and later new connections from the same source
within 10 seconds. Restrict both rules to --syn (new connections only); without it every
packet of an established session counts as a hit and a legitimate transfer would be dropped
after its third packet.

iptables -I INPUT -p tcp --dport 21 --syn -m recent --update --seconds 10 --hitcount 3 --rttl --name FTP -j DROP

iptables -I INPUT -p tcp --dport 21 --syn -m recent --set --name FTP

Check the chain with iptables -S INPUT and the tracked addresses with
cat /proc/net/xt_recent/FTP. The rules do not survive a reboot unless saved (e.g. with the
iptables-persistent package).
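A per-address lockout driven by vsftpd's own log, added here as an example and not part of the lab: it implements the threshold policy that this step only approximates with the recent module, counting FAIL LOGIN lines per client and producing one DROP rule per address over the threshold. The log excerpt is constructed in the shape vsftpd writes by default (FAIL LOGIN: Client "…"); the log path and threshold are assumptions, and rules are only printed unless APPLY=1 is set and the script runs as root.

```shell
#!/usr/bin/env bash
# Added example for this lab (not code from the handout): the lockout that
# the iptables 'recent' rules approximate, done from vsftpd's own log.
# Count failed logins per client address and emit (or, with APPLY=1 as
# root, install) a DROP rule for every address at or over the threshold.
# Assumed: default vsftpd log format in /var/log/vsftpd.log, whose failed
# logins look like:  ... [alice] FAIL LOGIN: Client "192.168.2.20"

# stdin: vsftpd.log; $1: threshold (default 3). Output: "ip count" lines.
ftp_offenders() {
    awk -v t="${1:-3}" '
        /FAIL LOGIN: Client "/ {
            split($0, q, "\"")          # the address is the first quoted field
            ip = q[2]
            sub(/^::ffff:/, "", ip)     # strip the IPv4-mapped prefix seen with listen_ipv6=YES
            fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] >= t) print ip, fails[ip] }' | sort
}

# Build one DROP rule per offender. Dry run (print only) unless APPLY=1.
ftp_block_offenders() {
    local ip n
    ftp_offenders "${1:-3}" | while read -r ip n; do
        if [ "${APPLY:-0}" = 1 ]; then
            iptables -I INPUT -p tcp --dport 21 -s "$ip" -j DROP
        else
            printf 'iptables -I INPUT -p tcp --dport 21 -s %s -j DROP   # %s failures\n' "$ip" "$n"
        fi
    done
}

# Constructed log excerpt (not a real log) for offline use.
sample_vsftpd_log() {
    cat <<'EOF'
Mon Mar  4 10:15:01 2024 [pid 2101] [alice] FAIL LOGIN: Client "192.168.2.20"
Mon Mar  4 10:15:03 2024 [pid 2103] [alice] FAIL LOGIN: Client "192.168.2.20"
Mon Mar  4 10:15:05 2024 [pid 2105] [root] FAIL LOGIN: Client "::ffff:192.168.2.20"
Mon Mar  4 10:16:10 2024 [pid 2110] [bob] OK LOGIN: Client "192.168.2.30"
Mon Mar  4 10:16:12 2024 [pid 2112] [bob] FAIL LOGIN: Client "192.168.2.30"
EOF
}

# Usage: sample_vsftpd_log | ftp_block_offenders 3
#        ftp_block_offenders 3 < /var/log/vsftpd.log
#        APPLY=1 ftp_block_offenders 3 < /var/log/vsftpd.log   # as root
```

Run it against the log after the Step 4 brute force and the Kali address comes out as the only offender; unlike the recent-module rule it reacts to failed logins rather than to connection counts, so a legitimate client with several quick transfers is not affected.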

✓ Step 6: Use SSL Certificate to prevent Credential Stealing


SSL stands for Secure Sockets Layer; the protocol actually negotiated today is its successor
TLS, and vsftpd implements explicit FTPS: the client connects to port 21 in the clear, sends
AUTH TLS, and the control and data connections are encrypted from then on. An attacker can
still capture the packets but cannot read the fetched information, because credentials and
file contents appear only as cipher-text. Note what the certificate buys and what it does
not: a self-signed certificate encrypts the session, but it does not tell the client which
server it is talking to, so a user who accepts any certificate FileZilla presents can still
be intercepted by an active MITM such as the Kali router in this lab; the fingerprint must be
checked against one obtained from the administrator out of band.
The administrator generates the server's own certificate to secure authentication as follows:
- Make the directory where the certificate and key will be stored:
sudo mkdir /etc/ssl/certificates

- Run the following command, which generates a self-signed certificate and a 2048-bit RSA
private key, writes both into one PEM file in the certificates directory, and makes the
certificate valid for 365 days:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout /etc/ssl/certificates/vsftpd.pem \
    -out /etc/ssl/certificates/vsftpd.pem

- openssl prompts for the certificate subject (country name, state, e-mail address and so
on); the -subj option supplies these on the command line instead. Because the file contains
the private key, restrict it to root (chmod 600). Then open the vsftpd configuration file,
append the following lines at the end, and restart vsftpd:
# certificate and key (both in the one PEM file created above)
rsa_cert_file=/etc/ssl/certificates/vsftpd.pem
rsa_private_key_file=/etc/ssl/certificates/vsftpd.pem
# turn TLS on, refuse it for anonymous users, and require it for local users'
# logins and data transfers
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
# protocol versions: TLS only, never SSLv2 or SSLv3 (check man vsftpd.conf for
# the per-version ssl_tlsv1_* options your release offers)
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
# do not insist that data connections reuse the control session's TLS session
require_ssl_reuse=NO
ssl_ciphers=HIGH
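Editing vsftpd.conf safely and checking the result, as an added example that is not the lab's code: it serves Part II, Step 2 and this step, since all three change the same file. set_vsftpd_option writes exactly one key=value line per option (vsftpd refuses a trailing comment on an option line), harden_vsftpd_conf applies the Step 2 and Step 6 settings listed above, and vsftpd_conf_findings reports what still leaves credentials exposed. The sample configuration is constructed to resemble the Part II state of the file; the certificate path is the one used above.

```shell
#!/usr/bin/env bash
# Added example for this lab (not code from the handout): edit vsftpd.conf
# in place and audit it. Assumed: awk, a writable config path, and the
# certificate path /etc/ssl/certificates/vsftpd.pem from the lab.

# Set key=value in a vsftpd-style config: replace an existing or
# commented-out line for that key, or append when the key is absent.
set_vsftpd_option() {
    awk -v k="$2" -v v="$3" '
        !done && $0 ~ ("^#?[[:space:]]*" k "[[:space:]]*=") { print k "=" v; done = 1; next }
        { print }
        END { if (!done) print k "=" v }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Print the value of an active (uncommented) key, empty if unset.
get_vsftpd_option() {
    awk -v k="$2" 'index($0, k "=") == 1 { sub(/^[^=]*=/, ""); print; exit }' "$1"
}

# Report weak settings, one per line. No output means nothing was found.
vsftpd_conf_findings() {
    f=$1
    [ "$(get_vsftpd_option "$f" anonymous_enable)" = YES ] && echo "anonymous_enable=YES (anyone can log in; Step 2)"
    [ "$(get_vsftpd_option "$f" ssl_enable)" = YES ] || echo "ssl_enable!=YES (USER/PASS sent in clear; Step 3)"
    [ "$(get_vsftpd_option "$f" force_local_logins_ssl)" = YES ] || echo "force_local_logins_ssl!=YES (client may still log in without TLS)"
    [ "$(get_vsftpd_option "$f" ssl_sslv3)" = YES ] && echo "ssl_sslv3=YES (obsolete protocol enabled)"
    return 0
}

# Apply Step 2 (no anonymous) and the Step 6 TLS block to the file in $1.
harden_vsftpd_conf() {
    f=$1
    set_vsftpd_option "$f" anonymous_enable NO
    for kv in ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES \
              force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO \
              require_ssl_reuse=NO ssl_ciphers=HIGH \
              rsa_cert_file=/etc/ssl/certificates/vsftpd.pem \
              rsa_private_key_file=/etc/ssl/certificates/vsftpd.pem; do
        set_vsftpd_option "$f" "${kv%%=*}" "${kv#*=}"
    done
}

# Constructed excerpt resembling the Part II state of /etc/vsftpd.conf.
sample_part2_conf() {
    cat <<'EOF'
listen=NO
listen_ipv6=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
#ssl_enable=NO
EOF
}

# Usage: sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak
#        vsftpd_conf_findings /etc/vsftpd.conf
#        harden_vsftpd_conf /etc/vsftpd.conf && sudo systemctl restart vsftpd
```

Run the findings function before and after hardening: the Part II file produces three findings, the hardened one none, and the commented-out ssl_enable line is replaced rather than duplicated, which is what vsftpd needs (it takes the last occurrence of a repeated key, so duplicates silently override each other).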

After restarting the server, reconnect to the FTP server from FileZilla (it negotiates
explicit FTP over TLS automatically and asks you to accept the unknown certificate) while
Wireshark is capturing on the Kali machine. The capture now shows the AUTH TLS command
followed by a TLS handshake, and the username and password of the FTP login can no longer be
read.
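Generating the certificate without prompts and giving users a way to verify it, as an added example not taken from the lab. Encryption alone does not defeat the Kali router sitting between client and server: if it presents its own self-signed certificate and the user clicks Accept in FileZilla's unknown-certificate dialog, the USER/PASS still go to the attacker. Comparing the fingerprint shown in that dialog with the one the administrator publishes closes that gap. The subject fields and CN are placeholders; openssl must be on PATH.

```shell
#!/usr/bin/env bash
# Added example for this lab (not code from the handout): create the
# key+certificate PEM the vsftpd config points at without interactive
# prompts, lock its permissions, and publish its SHA-256 fingerprint for
# out-of-band verification by FileZilla users. Assumed: openssl on PATH;
# the subject values below are placeholders.

# $1: output PEM path, $2: CN (default ftp-server.lab), $3: validity in days.
# Runs in a subshell so the umask change does not leak to the caller.
make_vsftpd_cert() (
    out=$1; cn=${2:-ftp-server.lab}; days=${3:-365}
    umask 077                                   # new files are created 0600
    tmp=$(mktemp -d)
    openssl req -x509 -nodes -days "$days" -newkey rsa:2048 \
        -subj "/C=LB/O=Unix Administration Lab/CN=$cn" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null
    # one file holding key then certificate, as rsa_cert_file and
    # rsa_private_key_file in the lab config both point at the same PEM
    cat "$tmp/key.pem" "$tmp/cert.pem" > "$out"
    rm -rf "$tmp"
    chmod 600 "$out"
)

# SHA-256 fingerprint of the certificate in a PEM file, colon-separated hex.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Compare a fingerprint reported by a client with the server's, ignoring case.
verify_fingerprint() {
    [ "$(cert_fingerprint "$1" | tr 'a-f' 'A-F')" = "$(printf '%s' "$2" | tr 'a-f' 'A-F')" ]
}

# Confirm the private key in the PEM belongs to the certificate in it.
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$1" -pubout)" ]
}

# Usage:
#   sudo sh -c '. ./thisfile; make_vsftpd_cert /etc/ssl/certificates/vsftpd.pem ftp-server.lab 365'
#   cert_fingerprint /etc/ssl/certificates/vsftpd.pem      # hand this to your users
#   verify_fingerprint /etc/ssl/certificates/vsftpd.pem "$FP_FROM_FILEZILLA_DIALOG"
```

A fingerprint that differs from the published one means a different certificate is being presented on the path, which in this lab's topology is exactly what a Kali-in-the-middle substituting its own certificate would look like.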
