CYBER-BASICS:1 FTP

WHAT IS FTP?


FILE TRANSFER PROTOCOL is a standard protocol used for transfer of computer files from a server to a client on a computer network. It is built on a client server model using separate control connections and data connections between the both of them.

FTP IN COMMON TERMS 

FTP uses a basic command reply mechanism. The client will connect to the FTP servers on port 21, the port 21 is primarily reserved for ftp connections.
 
The client will begin a synchronous conversation by sending a command to which the server will reply.

If the server replies well it means that the server is ready for the next command.The reply will come in a standardized format.

The first 3 numerals on the reply determine the state of the server.
If the first digit of the reply is 1,2,3 the reply is good and server is ready or something else which will be indicated by the next 2 digits.
If the first digit is 4 or 5 the reply is not good

Lets look at some standard replies:-
331 :- send password
23:- logged in 
250 :- success 




For secure transmission it encrypts the content of the packets sent and recieved.
It is encrypted either with SSL/TLS or FTPS or SFTP .

WHAT CAN USERS DO USING FTP

FTP can be used to store, transmit and comb through data between the server and the client. FTP generally works on a Command Line Interface but it can be accessed through a GUI.
The best and most known GUI based FTP service is filezilla.

The CYBER VIEW on FTP

Any FTP traffic can be intercepted using a MAN IN THE MIDDLE ATTACK.
To save yourselves from this we can use protocols mentioned above for encryption of dat and security of transmission.

DEFENDING THE FTP CONNECTION

The most common technique that is done is :- 
Redirect FTP through SSH on port 22 (generally deafult for ssh) and make it use SFTP








EXPLOITS AND VULNERABILITIES ON FTP

 Since FTP allows you to use an anonymous account to access it if you access it by username anonymous it will disregard any password you enter through it and will let you access the server
This is most commonly seen when there is a misconfiguration while creating a server.


More can be found using the GHDB :-




Comments

Post a Comment

Popular posts from this blog

CYBER-BASICS 3: SQL

Image
 Structured Query Language  SQL is used when a database is connected to a site allowing you the capabilities to store,retrieve and search for data. Different users will have different authorization over the access of data.   The most common thing done on sql databases is sql injection. SQL can be used in login pages for a website, the log in information for websites will sent to the server as a form of query and if the information the database will report back to the application. After this the the user permission will be granted by a cookie or an authentication token stored both in the browser and in the server.   The reason a site uses services for sql is that they need to store data somewhere and PIIs(Personally Identidiable Information) such as passwords, messages etc need to be saved.  Some common techniques of sql attack defenses are 1) input validation(compares input against malicious and non malicious preknown inputs) 2) parametrized queries(makes sure sql diffrentiates between
Read more

CYBERTOOLS:4-Using Decoys and Packet Fragmentation in nmap to bypass firewalls

 Using Decoys and Packet Fragmentation in nmap to Bypass Firewalls How to know if a device has firewall:- nmap tells us the port is filtered if the port hides behind a firewall or ids PACKET FRAGMENTATION  nmap -f is used to fragment packets. TCP header is split into parts so that the firewall has hard time reading content you can specify -f multiple times to split a packet again and again. -f once will give 8 byte packet -f -f will give 16 byte packet the more smaller the packet the harder it is to handle  to split packet into custom amount of bytes use nmap --mtu <value> this will split packet into your choice of bytes  while using --mtu the value must be a multiple of 8 USING DECOYS Using decoys work by making the target think that multiple ips are scanning a single target. This will make it harder to determine which ip are innocent and which ip are the culprit. This can be defeated by router path tracing , response dropping and other mechanisms, but is still an effective tec
Read more

SNORT Installation

Image
 1) Make sure that your kali has the following setting in the following way 2) open kali and type the following command in the terminal to check ip address and copy it or remember it  the command is "ifconfig" 3) type the following command to start snort installation  sudo apt-get install snort 4) type your ip range as required 5) go to snorts directory and create a backup of the snort.conf as we will edit it soon  to create backups use the following commands  "cp snort.conf snort.conf.back" 6) we create another backup for the snort file to edit  using the command "cp snort.conf test_snort.conf" 7) we edit with a file editor i am using nano and put your ip range  using the command  sudo nano test_snort.conf 8) test your snort changes using the following command  the command is "sudo snort -T -i eth0 -c /etc/snort/test_snort.conf" 9) now we define our new rules  10) then we test it again using the command in step 8 11) then we start using our snor
Read more