ftp_login: Various improvements

[g0tmi1k]

Related issue: #21096

This PR covers:

• Use dead code - previously wasn't checking for FTP permission
• Handle anonymous creds "neater" (mix up with authbrute force mixin)
• Stop sending out "blank" username & password
• Clean up output (IP:PORT printed twice, nicer output etc) & more verbose
• Add report_service & report_host (if service isn't up)

Before

[*] Connected to the database specified in the YAML file
[*] Connected to msf. Connection type: postgresql. Connection name: OYGIkFxA.
[*] Deleted workspace: default
[*] Recreated the default workspace
VERBOSE => true
RHOSTS => 10.0.0.10
LHOST => tap0
msf >
msf > git checkout master
[*] exec: git checkout master

Already on 'master'
Your branch is up to date with 'origin/master'.
msf >
msf > use ftp_login

Matching Modules
================

   #  Name                             Disclosure Date  Rank    Check  Description
   -  ----                             ---------------  ----    -----  -----------
   0  auxiliary/scanner/ftp/ftp_login  .                normal  No     FTP Authentication Scanner


Interact with a module by name or index. For example info 0, use 0 or use auxiliary/scanner/ftp/ftp_login

[*] Using auxiliary/scanner/ftp/ftp_login
msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > options

Module options (auxiliary/scanner/ftp/ftp_login):

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   ANONYMOUS_LOGIN   false            yes       Attempt to login with a blank username and password
   BLANK_PASSWORDS   false            no        Try blank passwords for all users
   BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
   DB_ALL_CREDS      false            no        Try each user/password couple stored in the current database
   DB_ALL_PASS       false            no        Add all passwords in the current database to the list
   DB_ALL_USERS      false            no        Add all users in the current database to the list
   DB_SKIP_EXISTING  none             no        Skip existing credentials stored in the current database (Accepted: none, user, user&realm)
   PASSWORD                           no        A specific password to authenticate with
   PASS_FILE                          no        File containing passwords, one per line
   Proxies                            no        A proxy chain of format type:host:port[,type:host:port][...]. Supported proxies: socks5, socks5h, http, sapni, socks4
   RECORD_GUEST      false            no        Record anonymous/guest logins to the database
   RHOSTS            10.0.0.10        yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   RPORT             21               yes       The target port (TCP)
   STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
   THREADS           1                yes       The number of concurrent threads (max one per host)
   USERNAME                           no        A specific username to authenticate as
   USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line
   USER_AS_PASS      false            no        Try the username as the password for all users
   USER_FILE                          no        File containing usernames, one per line
   VERBOSE           true             yes       Whether to print output for all attempts


View the full module info with the info, or info -d command.

msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > set ANONYMOUS_LOGIN true
ANONYMOUS_LOGIN => true
msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > set USERNAME msfadmin
USERNAME => msfadmin
msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > set PASSWORD msfadmin
PASSWORD => msfadmin
msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > run
[*] 10.0.0.10:21          - 10.0.0.10:21 - Starting FTP login sweep
[-] 10.0.0.10:21          - 10.0.0.10:21 - LOGIN FAILED: : (Incorrect: )
[+] 10.0.0.10:21          - 10.0.0.10:21 - Login Successful: msfadmin:msfadmin
[*] 10.0.0.10:21          - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > workspace -v

Workspaces
==========

current  name     hosts  services  vulns  creds  loots  notes
-------  ----     -----  --------  -----  -----  -----  -----
*        default  1      1         0      1      0      0

msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > services
Services
========

host       port  proto  name  state  info  resource  parents
----       ----  -----  ----  -----  ----  --------  -------
10.0.0.10  21    tcp    ftp   open         {}

msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > creds
Credentials
===========

id  host       origin     service       public    private   realm  private_type  JtR Format  cracked_password
--  ----       ------     -------       ------    -------   -----  ------------  ----------  ----------------
71  10.0.0.10  10.0.0.10  21/tcp (ftp)  msfadmin  msfadmin         Password

msf auxiliary(scanner/ftp/ftp_login) >

After

msf auxiliary(scanner/ftp/ftp_login) > git checkout ftp_login
[*] exec: git checkout ftp_login

Switched to branch 'ftp_login'
Your branch is up to date with 'origin/ftp_login'.
msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > reload
[*] Reloading module...
msf auxiliary(scanner/ftp/ftp_login) > workspace -D
[*] Deleted workspace: default
[*] Recreated the default workspace
msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > run
[*] 10.0.0.10:21          - Starting FTP login sweep
[*] 10.0.0.10:21          - Connecting to FTP server 10.0.0.10:21...
[*] 10.0.0.10:21          - Connected to target FTP server.
[+] 10.0.0.10:21          - Login Successful: anonymous:IEUser@ (Read-only)
[-] 10.0.0.10:21          - 10.0.0.10:21          - Login Failed: : (Incorrect)
[*] 10.0.0.10:21          - Connecting to FTP server 10.0.0.10:21...
[*] 10.0.0.10:21          - Connected to target FTP server.
[+] 10.0.0.10:21          - Login Successful: msfadmin:msfadmin (Read/Write)
[*] 10.0.0.10:21          - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > workspace -v

Workspaces
==========

current  name     hosts  services  vulns  creds  loots  notes
-------  ----     -----  --------  -----  -----  -----  -----
*        default  1      1         0      2      0      0

msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > creds
Credentials
===========

id  host       origin     service       public     private   realm  private_type  JtR Format  cracked_password
--  ----       ------     -------       ------     -------   -----  ------------  ----------  ----------------
76  10.0.0.10  10.0.0.10  21/tcp (ftp)  anonymous  IEUser@          Password
77  10.0.0.10  10.0.0.10  21/tcp (ftp)  msfadmin   msfadmin         Password

msf auxiliary(scanner/ftp/ftp_login) >

[g0tmi1k]

This now needs #21380 to be merged ahead of time.