[FTP] (Response:'NoneType' object has no attribute 'sendall')

byt3bl33d3r / CrackMapExec

A swiss army knife for pentesting networks

BSD 2-Clause "Simplified" License

8.45k stars 1.64k forks source link

[FTP] (Response:'NoneType' object has no attribute 'sendall') #707

Open zAbuQasem opened 1 year ago

zAbuQasem commented 1 year ago

Describe the bug Error when brute-forcing FTP on FileZilla Server 0.9.60 beta

To Reproduce crackmapexec ftp -u usernames.txt -p pass.txt

Expected behavior Working Bruteforce

Screenshots

Crackmapexec info

OS: Kali
Version of CME v5.4.1
Cloned the repo and installed with pipx

RomanRII commented 1 year ago

@zAbuQasem Could you send a screenshot of the output when connecting to this service via nc.

nc 172.16.1.101 21

When the script connects to the host, it runs: self.remote_version = self.conn.getwelcome() Which gets the welcome message from the service.

If successful, it then parses the output using: self.remote_version = self.remote_version.split("220", 1)[1]

Otherwise, it outputs a verbose message stating the 'non 220' message.

Here, it seems like when it gets the message from: self.remote_version = self.conn.getwelcome()

it does not get anything. So instead of returning a message through: self.logger.info(u"Banner:{}".format(self.remote_version))

It just returns the verbose error message that the self.remote_version has nothing.

Other than it not reporting the version info, the script is running as expected. The failed logins are still correct

zAbuQasem commented 1 year ago

Unfortunately, i won't be able to test it, if this occurs in the future I will reopen a new issue.

ahanel13 commented 1 year ago

I'm running into the same issue when I'm going through the HackTheBox academy. I've been able to successfully brute FTP for this lab https://academy.hackthebox.com/module/116/section/1165 with Hydra and Medusa, but crackmapexec fails to find the user and password combination.

I think it may have to do with the (Response:'NoneType' object has no attribute 'sendall')

This is the command I'm running crackmapexec --verbose ftp $ip -u users.list -p passwords.list --port 2121

Banner: ProFTPD Server (InlaneFTP)

RomanRII commented 1 year ago

I’ll take a check tonight and see if I can identify the issue.

Roman Rivas II

On Sun, Oct 29, 2023 at 12:22 PM, Anthony Hanel @.***(mailto:On Sun, Oct 29, 2023 at 12:22 PM, Anthony Hanel < wrote:

I'm running into the same issue when I'm going through the HackTheBox academy. I've been able to successfully brute FTP for this lab https://academy.hackthebox.com/module/116/section/1165 with Hydra and Medusa, but crackmapexec fails to find the user and password combination.

I think it may have to do with the (Response:'NoneType' object has no attribute 'sendall')

This is the command I'm running crackmapexec --verbose ftp $ip -u users.list -p passwords.list --port 2121

Banner: ProFTPD Server (InlaneFTP)

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: @.***>