0

Let’s take an FTP-based password stealer, or some keylogger, that uploads the details of our victims to our FTP server. How do they connect back to our FTP server?

As far as I know, for uploading any file to our FTP server we need its details (hostname, user and password). So do they keep our FTP details inside them? If yes, then if our victim knows reverse engineering, can't he steal our FTP details, and won't this be a reverse attack on the attacker?

Does it work like this or am I misunderstanding something?

e-sushi
Praveen Yadav

1 Answer

2

You are implying that knowledge of the server and the FTP credentials is sufficient to attack the server or account. I'm not sure what kind of attacks you envision, but:

  • The credentials might also be used for this specific FTP account, i.e. no SSH access or similar to the server is possible
  • The credentials might also be sufficient for uploading data to the server but not for directory listing or downloading data. This write-only mode is actually not that uncommon with FTP, often combined with allowing anonymous uploads into a special incoming directory. This is sometimes called a "blind drop".

Assuming that these credentials are only for this server and only usable for write-only access to FTP I cannot see really useful ways to attack the server, apart from denial of service attacks.

Steffen Ullrich
  • @PraveenYadav: again, the FTP account might only be usable for uploads. If this is the case you cannot have directory listing and downloads. For more information about such configurations search for [ftp blind drop](https://www.google.com/search?q=ftp+blind+drop) or [ftp write only](https://www.google.com/search?q=ftp+write+only). – Steffen Ullrich Nov 19 '17 at 13:48
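
An added example, not part of the original answer or its comments: a small Python classifier showing how the write-only ("blind drop") behaviour described above appears on the FTP control channel when an analyst reviews captured sessions. The log format (session id followed by `COMMAND:reply-code` pairs), the sample records and the function names are constructed for illustration and are not any real tool's output.

```python
# Constructed sample: one FTP session per line, "COMMAND:reply-code" pairs.
# This simplified format is an assumption, not a real tool's log format.
SAMPLE_LOG = """\
s1 USER:331 PASS:230 STOR:226 STOR:226
s2 USER:331 PASS:230 LIST:550 RETR:550 STOR:226
s3 USER:331 PASS:230 LIST:226 RETR:226 STOR:226
s4 USER:331 PASS:530
"""

UPLOAD = {"STOR", "STOU", "APPE"}        # commands that write to the server
READ = {"LIST", "NLST", "MLSD", "RETR"}  # directory listing and download

def parse(log):
    """Return {session_id: [(command, reply_code), ...]}, skipping bad records."""
    sessions = {}
    for line in log.splitlines():
        sid, *pairs = line.split() or [""]
        events = []
        for pair in pairs:
            cmd, _, code = pair.partition(":")
            if code.isdigit():
                events.append((cmd.upper(), int(code)))
        if events:
            sessions[sid] = events
    return sessions

def classify(events):
    """Label what the account was actually allowed to do in one session."""
    def seen(cmds, first_digit):
        return any(c in cmds and code // 100 == first_digit for c, code in events)
    if not seen({"USER", "PASS"}, 2):   # 230 = logged in
        return "login-failed"
    if not seen(UPLOAD, 2):             # 226 = transfer complete
        return "no-upload"
    if seen(READ, 2):                   # listing or download succeeded
        return "read-write"
    if seen(READ, 5):                   # 550 = server refused the read
        return "write-only-confirmed"
    return "upload-only-observed"       # reads never attempted, rights unknown

def report(log=SAMPLE_LOG):
    return {sid: classify(ev) for sid, ev in parse(log).items()}

if __name__ == "__main__":
    for sid, verdict in report().items():
        print(sid, verdict)
```

Session `s2` is the blind-drop case from the answer: uploads complete while listing and download are refused, so the credentials alone do not expose previously uploaded data.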