Skip to content

ftp_login: Various improvements#21379

Open
g0tmi1k wants to merge 14 commits intorapid7:masterfrom
g0tmi1k:ftp_login
Open

ftp_login: Various improvements#21379
g0tmi1k wants to merge 14 commits intorapid7:masterfrom
g0tmi1k:ftp_login

Conversation

@g0tmi1k
Copy link
Copy Markdown
Contributor

@g0tmi1k g0tmi1k commented Apr 26, 2026
edited
Loading

Related issue: #21096

This PR covers:

  • Use dead code - previously wasn't checking for FTP permission
  • Handle anonymous creds "neater" (mix up with authbrute force mixin)
  • Stop sending out "blank" username & password
  • Clean up output (IP:PORT printed twice, nicer output etc) & more verbose
  • Add report_service & report_host (if service isn't up)

Before

[*] Connected to the database specified in the YAML file
[*] Connected to msf. Connection type: postgresql. Connection name: OYGIkFxA.
[*] Deleted workspace: default
[*] Recreated the default workspace
VERBOSE => true
RHOSTS => 10.0.0.10
LHOST => tap0
msf >
msf > git checkout master
[*] exec: git checkout master

Already on 'master'
Your branch is up to date with 'origin/master'.
msf >
msf > use ftp_login

Matching Modules
================

   #  Name                             Disclosure Date  Rank    Check  Description
   -  ----                             ---------------  ----    -----  -----------
   0  auxiliary/scanner/ftp/ftp_login  .                normal  No     FTP Authentication Scanner


Interact with a module by name or index. For example info 0, use 0 or use auxiliary/scanner/ftp/ftp_login

[*] Using auxiliary/scanner/ftp/ftp_login
msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > options

Module options (auxiliary/scanner/ftp/ftp_login):

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   ANONYMOUS_LOGIN   false            yes       Attempt to login with a blank username and password
   BLANK_PASSWORDS   false            no        Try blank passwords for all users
   BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
   DB_ALL_CREDS      false            no        Try each user/password couple stored in the current database
   DB_ALL_PASS       false            no        Add all passwords in the current database to the list
   DB_ALL_USERS      false            no        Add all users in the current database to the list
   DB_SKIP_EXISTING  none             no        Skip existing credentials stored in the current database (Accepted: none, user, user&realm)
   PASSWORD                           no        A specific password to authenticate with
   PASS_FILE                          no        File containing passwords, one per line
   Proxies                            no        A proxy chain of format type:host:port[,type:host:port][...]. Supported proxies: socks5, socks5h, http, sapni, socks4
   RECORD_GUEST      false            no        Record anonymous/guest logins to the database
   RHOSTS            10.0.0.10        yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   RPORT             21               yes       The target port (TCP)
   STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
   THREADS           1                yes       The number of concurrent threads (max one per host)
   USERNAME                           no        A specific username to authenticate as
   USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line
   USER_AS_PASS      false            no        Try the username as the password for all users
   USER_FILE                          no        File containing usernames, one per line
   VERBOSE           true             yes       Whether to print output for all attempts


View the full module info with the info, or info -d command.

msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > set ANONYMOUS_LOGIN true
ANONYMOUS_LOGIN => true
msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > set USERNAME msfadmin
USERNAME => msfadmin
msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > set PASSWORD msfadmin
PASSWORD => msfadmin
msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > run
[*] 10.0.0.10:21          - 10.0.0.10:21 - Starting FTP login sweep
[-] 10.0.0.10:21          - 10.0.0.10:21 - LOGIN FAILED: : (Incorrect: )
[+] 10.0.0.10:21          - 10.0.0.10:21 - Login Successful: msfadmin:msfadmin
[*] 10.0.0.10:21          - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > workspace -v

Workspaces
==========

current  name     hosts  services  vulns  creds  loots  notes
-------  ----     -----  --------  -----  -----  -----  -----
*        default  1      1         0      1      0      0

msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > services
Services
========

host       port  proto  name  state  info  resource  parents
----       ----  -----  ----  -----  ----  --------  -------
10.0.0.10  21    tcp    ftp   open         {}

msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > creds
Credentials
===========

id  host       origin     service       public    private   realm  private_type  JtR Format  cracked_password
--  ----       ------     -------       ------    -------   -----  ------------  ----------  ----------------
71  10.0.0.10  10.0.0.10  21/tcp (ftp)  msfadmin  msfadmin         Password

msf auxiliary(scanner/ftp/ftp_login) >

After

msf auxiliary(scanner/ftp/ftp_login) > git checkout ftp_login
[*] exec: git checkout ftp_login

Switched to branch 'ftp_login'
Your branch is up to date with 'origin/ftp_login'.
msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > reload
[*] Reloading module...
msf auxiliary(scanner/ftp/ftp_login) > workspace -D
[*] Deleted workspace: default
[*] Recreated the default workspace
msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > run
[*] 10.0.0.10:21          - Starting FTP login sweep
[*] 10.0.0.10:21          - Connecting to FTP server 10.0.0.10:21...
[*] 10.0.0.10:21          - Connected to target FTP server.
[+] 10.0.0.10:21          - Login Successful: anonymous:IEUser@ (Read-only)
[-] 10.0.0.10:21          - 10.0.0.10:21          - Login Failed: : (Incorrect)
[*] 10.0.0.10:21          - Connecting to FTP server 10.0.0.10:21...
[*] 10.0.0.10:21          - Connected to target FTP server.
[+] 10.0.0.10:21          - Login Successful: msfadmin:msfadmin (Read/Write)
[*] 10.0.0.10:21          - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > workspace -v

Workspaces
==========

current  name     hosts  services  vulns  creds  loots  notes
-------  ----     -----  --------  -----  -----  -----  -----
*        default  1      1         0      2      0      0

msf auxiliary(scanner/ftp/ftp_login) >
msf auxiliary(scanner/ftp/ftp_login) > creds
Credentials
===========

id  host       origin     service       public     private   realm  private_type  JtR Format  cracked_password
--  ----       ------     -------       ------     -------   -----  ------------  ----------  ----------------
76  10.0.0.10  10.0.0.10  21/tcp (ftp)  anonymous  IEUser@          Password
77  10.0.0.10  10.0.0.10  21/tcp (ftp)  msfadmin   msfadmin         Password

msf auxiliary(scanner/ftp/ftp_login) >

@g0tmi1k g0tmi1k changed the title ftp_login ftp_login: Test access & Improve anonymous_creds Apr 26, 2026
@g0tmi1k g0tmi1k force-pushed the ftp_login branch 7 times, most recently from 6a872ad to 441041f Compare April 30, 2026 13:00
@g0tmi1k g0tmi1k changed the title ftp_login: Test access & Improve anonymous_creds ftp_login: Various improvements May 4, 2026
@g0tmi1k g0tmi1k force-pushed the ftp_login branch 9 times, most recently from 5ab5c52 to 38bb8a8 Compare May 5, 2026 17:46
@g0tmi1k
Copy link
Copy Markdown
Contributor Author

g0tmi1k commented May 5, 2026

This now needs #21380 to be merged ahead of time.

@g0tmi1k g0tmi1k force-pushed the ftp_login branch 6 times, most recently from 44235ba to c564610 Compare May 6, 2026 14:03
@cdelafuente-r7 cdelafuente-r7 self-assigned this May 6, 2026
@cdelafuente-r7 cdelafuente-r7 added the rn-enhancement release notes enhancement label May 6, 2026
@cdelafuente-r7 cdelafuente-r7 moved this from Todo to In Progress in Metasploit Kanban May 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@cdelafuente-r7 cdelafuente-r7

Labels

rn-enhancement release notes enhancement

Projects

Metasploit Kanban
Status: In Progress

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@g0tmi1k @cdelafuente-r7 @smcintyre-r7