Study on risks of allowing anonymous login to the FTP server on Windows FTP Server

Source: Internet
Author: User
Tags ftp login
For network administrators who lack awareness of network security, When configuring a Windows Server, they often only allow the Web server to work and install some common patches. Therefore, the server is considered safe. In fact, this is not the case. When he does not pay attention to the danger of anonymous FTP login, a serious vulnerability may occur. (For more information about this risk, see my article "Association on intrusion".) let's take a practical example to see the danger of anonymous login.

In Shell, we can start FTP login: (assume the host is
Connected to
220 wyztc Microsoft FTP service (Version 3.0 ).
User ( Anonymous
331 anonymous access allowed, send identity (E-Mail Name) as password.
Password: Enter anonymous, guest @, or guest
The following is an explanation of this process (in the black body, the user inputs). First, specify the IP address for anonymous login, and then FTP starts to connect to the specified IP address. In the third line, 220 indicates that the connection is successful, and wyztc indicates the NetBIOS Name of the host. If you have a certain understanding of Windows NT/2000, you will know that the host must have an account named IUSR_machinename (iusr_wyztc at this time, it is a general account that a common user browses on this host. Then, enter anonymous and the password anonymous to log on!

The first thing after logging on is to use CD to jump to the directory, which is the most difficult. If you can successfully enter the CIG-bin or scripts directory, you will probably get the highest permissions of the entire system. Now we are lucky to have successfully changed the directory, that is, the scripts directory. Next we need to upload some files to this directory (assume that all the files needed below are placed in D: \ hacker \ medium ):

Ftp> mput D: \ hacker \ cmd.exe
Ftp> mput D: \ hacker \ getadmin.exe
Ftp> mput D: \ hacker \ gasys. dll

After the display is successful, you can switch to the browser and enter the following command: http: // Iusr_wyztc
After more than 10 seconds, the screen is displayed:
CGI Error
At this time, it is very likely that the iusr_wyztc account is added to the Administrators group, that is, all users who access are administrators. Since access through a browser is already administrator, so we can use net user to add a new account. To prevent the administrator from discovering it, it is best to activate the Guest account!

Http: // /C20% C: \ winnt \ system32 \ net.exe user guest/active: Yes
Http: // Guest

In this way, a guest user with the permissions of the Administrators group is successfully added to the host, and it is difficult for the Administrator to be aware of it, which is highly risky. In addition, once you have the Administrator permission, you can place some backdoors so that the host is no longer secure.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.