FTP Attacks

In the realm of cybersecurity, staying one step ahead of potential threats is paramount. To do so, security professionals often engage in simulated exercises to understand how attackers operate and develop strategies for defense. In this blog post, we will delve into a hands-on lab activity that covers network discovery, FTP attacks, and network defense. We'll explore the tools and techniques used, analyze the findings, and understand how these experiences contribute to strengthening cybersecurity practices. 

Part 1 – Network Discovery and Detection

Part 2 – FTP Brute Force Attack & Detection

Command: $ nmap --script ftp-brute -p 21 <ip-of-your-metasploitable>

Command: $ tshark -r ftpbruteforce.pcap -Y "ftp.request.command == USER" 

Command: $ tshark -r ftpbruteforce.pcap -Y "ftp.request.command == PASS" 

After analyzing the output, it's clear that numerous usernames were sent during the FTP brute force attack. What stands out is that "395" appears with the highest count, meaning "395" is the username the attacker sent most frequently.

However, "395" does not look like a legitimate username by any means. This suggests it came from the brute-force tool systematically working through a list of candidate usernames. The finding strongly supports the hypothesis that our FTP server is indeed under a brute-force attack: a value like "395" would not appear as a username in normal operation, which further solidifies the suspicion.
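The two tshark filters above pull out every USER and PASS command, but the lab's conclusion rests on counting them by value and by source. The script below, an added example that is not part of the original lab write-up, does that counting over a constructed stand-in for the output of `tshark -r ftpbruteforce.pcap -Y "ftp.request.command == USER" -T fields -e frame.time_epoch -e ip.src -e ftp.request.arg`. It ranks the usernames seen (so the "395" observation can be made programmatically) and flags any source that sends more USER commands inside a short window than a legitimate client would; the threshold and window values are assumptions chosen for the example, and the IP addresses and usernames in the sample are constructed.

```python
"""Count FTP USER commands from tshark field output and flag brute-force sources.

Added example, not code from the original post. SAMPLE is a constructed
imitation of tab-separated `tshark -T fields` output (frame.time_epoch,
ip.src, ftp.request.arg); the addresses and usernames are made up.
"""
from collections import Counter, defaultdict

# Constructed sample: 192.168.56.101 hammers the server with 12 USER commands
# in two seconds; 192.168.56.20 is a normal client logging in twice.
SAMPLE = """\
1700000000.10\t192.168.56.101\tmsfadmin
1700000000.25\t192.168.56.101\t395
1700000000.40\t192.168.56.101\troot
1700000000.55\t192.168.56.101\tadmin
1700000000.70\t192.168.56.101\t395
1700000000.85\t192.168.56.101\tftp
1700000001.00\t192.168.56.101\tanonymous
1700000001.15\t192.168.56.101\ttest
1700000001.30\t192.168.56.101\t395
1700000001.45\t192.168.56.101\tuser
1700000001.60\t192.168.56.101\tguest
1700000001.75\t192.168.56.101\t395
1700000300.00\t192.168.56.20\tmsfadmin
1700003600.00\t192.168.56.20\tmsfadmin
"""

# Assumed thresholds for the example: more than this many USER commands from
# one source within the window is treated as brute forcing.
THRESHOLD_ATTEMPTS = 10
WINDOW_SECONDS = 60.0


def parse_user_lines(text):
    """Turn tshark field lines into (epoch, src_ip, username) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or not parts[0]:
            continue  # blank or malformed line (e.g. a packet with an empty arg)
        epoch, src, user = parts
        records.append((float(epoch), src, user))
    return records


def top_usernames(records, n=3):
    """Most frequently attempted usernames, like the manual count in the lab."""
    return Counter(user for _, _, user in records).most_common(n)


def brute_force_sources(records, threshold=THRESHOLD_ATTEMPTS, window=WINDOW_SECONDS):
    """Return {src_ip: (total_attempts, distinct_usernames)} for every source
    that issues at least `threshold` USER commands in any `window`-second span."""
    by_src = defaultdict(list)
    for epoch, src, user in records:
        by_src[src].append((epoch, user))

    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it fits within `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = (len(events), len({u for _, u in events}))
                break
    return flagged


if __name__ == "__main__":
    recs = parse_user_lines(SAMPLE)
    print("Top usernames:", top_usernames(recs))
    for src, (attempts, distinct) in brute_force_sources(recs).items():
        print(f"{src}: {attempts} USER commands, {distinct} distinct usernames")
```

The same logic applies unchanged to the PASS filter output (swap the display filter and read `ftp.request.arg` the same way); counting distinct passwords per source is a second, independent signal that a client is iterating a wordlist rather than mistyping a credential.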

Conclusion

Simulated exercises like this lab activity provide invaluable insights into real-world cybersecurity challenges. They help security professionals understand the tactics employed by threat actors, detect vulnerabilities, and develop strategies for defense.

By identifying network discovery protocols, uncovering attack patterns, and practicing exploitation detection, security practitioners can strengthen their organization's cybersecurity posture. Tools like Wireshark, Nmap, Metasploit, and Kibana are essential in these endeavors.

In a constantly evolving threat landscape, staying informed, practicing hands-on exercises, and leveraging the right tools are critical components of a robust cybersecurity strategy. This lab activity serves as a reminder that proactive defense is the key to mitigating security risks and protecting sensitive information.

Author:

Hasan Hashim

Cyber Security and Digital Forensics