Titan FTP Administrative Password Disclosure
On Titan FTP servers prior to version 9.14.1628, an attacker can retrieve the username and password for the administrative XML-RPC interface, which listens on TCP Port 31001 by default, by sending an XML request containing bogus authentication information. After sending this request, the server responds with the legitimate username and password for the service. With this information, an attacker has complete control over the FTP service, which includes the ability to add and remove FTP users, as well as add, remove, and modify available directories and their permissions.
- Spencer McIntyre
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use auxiliary/scanner/http/titan_ftp_admin_pwd msf auxiliary(titan_ftp_admin_pwd) > show actions ...actions... msf auxiliary(titan_ftp_admin_pwd) > set ACTION <action-name> msf auxiliary(titan_ftp_admin_pwd) > show options ...show and set options... msf auxiliary(titan_ftp_admin_pwd) > run