Added Extended passive mode to the core ftp module. #11798
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Extended passive mode (EPSV), as documented in RFC2428 is similar to the PASSive mode in that it requests that the server open a port and wait for a data connection. However, in unlike PASSive mode, Extended Passive mode returns only the port on which the server listens for the data connection, not the IP + Port. The client is expected to use the existing IP (e.g. the one it used to create the initial control channel connection) to connect to the new data port. Where this becomes important is if the server is behind some type of natting device, EPSV will work in this case, PASS may not.
|
Hey @busterb any questions on this one? |
|
I didn't have the exact target, but this works fine for me. Thanks @bigendiansmalls |
busterb
added a commit
that referenced
this pull request
Jun 7, 2019
Merge remote-tracking branch 'upstream/pr/11798' into upstream-master
Release NotesThe Metasploit FTP client (EPSV) now includes Extended Passive Mode support which enables it to more easily traverse a NAT than with regular passive mode. |
msjenkins-r7
pushed a commit
that referenced
this pull request
Jun 7, 2019
Merge remote-tracking branch 'upstream/pr/11798' into upstream-master
|
Cheers. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Extended passive mode (EPSV), as documented in RFC2428 is similar to the PASSive mode in that it requests that the server open a port and wait for a data connection. However, in unlike PASSive mode, Extended Passive mode returns only the port on which the server listens for the data connection, not the IP + Port. The client is expected to use the existing IP (e.g. the one it used to create the initial control channel connection) to connect to the new data port.
Where this becomes important is if the server is behind some type of natting device, EPSV will work in this case, PASS may not.
Existing example using PASSive mode (how MSF currently works)
User
192.168.1.1Server public ip:
100.25.25.25Server private ip:
170.20.20.1192.168.1.1 - EST - 100.25.25.25 (nat'd 170.20.20.1)PASV)170.20.20.1 port: 1367)ls, put, get, etc.)170.20.20.1:1367and fails.Screenshot of the above
Using EPSV
Same setup as above
192.168.1.1 - EST - 100.25.25.25 (nat'd 170.20.20.1)EPSV) via Advanced Option (set PassiveMode true)1367)ls, put, get, etc.)100.25.25.25:1367and succeeds.Screenshot of the above
Verification (using any Ftp-based exploit)
msfconsoleOther Screenshots