S E C U R I T Y

Loading

Details
Stay Up To Date
Parent Checks

  • FTP Vulnerabilities

Need Membership

Yes

Need Proof Of Ownership

No

Estimate Time (Second)

5

FTP Bounce Checker Detail

FTP bounce attack is a vulnerability type where an attacker who cannot access a server in the internal network by using targeted FTP server as a proxy to transfer files and scans ports. If this explanation sounds complex, don’t worry. You can check whether your server is impacted by this vulnerability by using our tool.

What is FTP ?

FTP (File Transfer Protocol) is a TCP-based protocol that enables file transfer between the server and the client. There are numerous FTP commands. Some of these are PUT, STOR, GET(RETR) and PORT commands. You can view the complete list by clicking the link here.

You can connect to the FTP server by using FTP clients with graphical interface (ex. Filezilla, CuteFTP, Cyberduck), by using the command line (ex. bash, iterm, powershell) or by using your browser.

If you are using a command-line interface (or a script) to connect to FTP, you can send any command you want to the target server. People with malicious intent might use PORT command which is an FTP command for your FTP server to send the request to other systems. With this method, they can transfer files or scan ports in other systems by using your FTP server.


What is FTP Bounce Attack ?

In FTP protocol, PORT command indicates an IP address and port which FTP server should connect. To learn more about PORT command, read this. People with malicious intent changes the parameters of this command and use the FTP server to open connections to different addresses.

This vulnerability enables the attacker to connect to another system via an FTP server and do unauthorised operations. For example, directory listing, port scanning, file downloading etc.


How To Check FTP Bounce Attack ?

You can check FTP Bounce vulnerability within seconds with our free and online FTP Bounce Vulnerability Control tool. To do this, you can start by typing your domain name in the form on top of the page and start scanning.

Or you can check with nmap tool and nmap -v -P0 -b username:[email protected]:port Target_Host or nmap -sV --script ftp-bounce Target_Host command which can be installed to all operating systems.

Also, you can use ftpbounce auxiliary module of “Metasploit Framework” to check the vulnerability.

Lastly, you can check manually. If your FTP server is impacted from this vulnerability, you will have a result similar to the following:

 USER A
  331 Username okay, awaiting password
  PASS A
  230 User logged in, proceed
 PORT 172,19,0,100,0,1234
  200 The requested action has been successfully completed 
 LIST
  150 File status okay; about to open data connection // We understood port 1234 is open
  226 Closing data connection 
  PORT 172,19,0,100,0,4444
  200 The requested action has been successfully completed 
 LIST
  425 No connection established // We understood port 4444 is closed
            

For example, an attacker using this vulnerability can scan ports in the internal network systems by using the following command:
nmap -v -p 21,22,445,80,443 -b username:[email protected] 192.168.0.1/24

Some Advice for Common Problems

There is a simple and effective solution to not to be impacted by this vulnerability. FTP server should be configured only to allow a connection between server and client.