How to find vulnerable ftp servers
by DeezNutz420 - March 03, 2016 at 08:06 AM
#1
This method is for finding open FTP servers with no password.

Step one:
Register on Shodan.io. This is what you will use to look for your victims.

Step two:
Download FileZilla or another FTP client. This is what you will use to connect.
(Recommended: VPN or proxy.)

Step three:
Open shodan and search any of the following:
RT-AC66R, RT-AC66U, RT-N66R, RT-N66U, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16, and RT-N16R AND the word 'suc cess' (No space, added because succ emote) 

Step quatro:
You should now have a list of IPs with anonymous FTP enabled by default.
Paste one of these IPs into your FTP client of choice and hit connect. No username or password required Smile


How does this work?
Well to put it simply:

John got a new router. 
John plugged in hid router and used it like a regular fucking router. 
John got the bright idea to plug his external hard drive with his backup of his bank details and credit cards into his router via USB so he could access the files on his PC and laptop at the same time. 
What John didn't know was that he had an Asus RT-N66U router. 
When he plugged in that external hard drive, he made an anonymous FTP server with NO PASSWORD that can be used by anyone on the internet. 
John then got his identity stolen by multiple RF members and all his files were replaced with memes and horse p o r n.

Anyway, hope you enjoy. Don't do this tho its illegal and stuff so yeah.
Succ
Reply
#2
succ for shoutbox
Reply
#3
pretty fuckin dank
Reply
#4
+1 Vouch
Reply
#5
dayum sooooon

i wanted to do some ip cams but i forgot what shodan was called
thanks for this thread now i can get back to do ip cams
Kappa
Reply
#6
You don't even need to download an ftp client.
Chrome, Firefox and even Internet Explorer have ftp capabilities, just type in ftp://<ip-address or url>.
If you're on Windows you can also type ftp <ip/url> in cmd, as username you use "anonymous" and as password you have to give them an e-mail address which only identifies as an e-mail address by the character '@'. So you can just type in '@' as password and you're in.
Type help to see all commands for the windows ftp-client and you're good to go.
Reply
#7
Interesting...

But personal note here, this would usually hold no purpose because if you actually want some important information
But I guess this could be fun to mess around with...
Anyway, nice find
Reply
#8
Wesome Method, Many thanks
Reply
#9
This is really great keep up with post like these
Reply
#10
good that is nice , thanks u br
Reply
#11
HAHAHAHA! thats badass. thanks man, time to mess with stuffs
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
OSINT Tool To Find Breached Emails And Databases bklake 47 3,206 October 15, 2021 at 02:45 PM
Last Post: Timbucktoo
Find sensitive information online (Easy) xVersatile 100 3,831 October 14, 2021 at 06:38 PM
Last Post: root_bot
Find Secrets And Info With Google send99 0 116 October 06, 2021 at 10:19 AM
Last Post: send99

 Users browsing this thread: 1 Guest(s)