Rapid7 Vulnerability & Exploit Database

Titan FTP Administrative Password Disclosure

Back to Search

Titan FTP Administrative Password Disclosure

Created
05/30/2018

Description

On Titan FTP servers prior to version 9.14.1628, an attacker can retrieve the username and password for the administrative XML-RPC interface, which listens on TCP Port 31001 by default, by sending an XML request containing bogus authentication information. After sending this request, the server responds with the legitimate username and password for the service. With this information, an attacker has complete control over the FTP service, which includes the ability to add and remove FTP users, as well as add, remove, and modify available directories and their permissions.

Author(s)

  • Spencer McIntyre

Development

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use auxiliary/scanner/http/titan_ftp_admin_pwd
msf auxiliary(titan_ftp_admin_pwd) > show actions
    ...actions...
msf auxiliary(titan_ftp_admin_pwd) > set ACTION < action-name >
msf auxiliary(titan_ftp_admin_pwd) > show options
    ...show and set options...
msf auxiliary(titan_ftp_admin_pwd) > run 

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security

;