FTP command line not working

[studzwoodworking]

Installed ESPCanary on a WeMos D1 mini by following along with your youtube video (Awesome vid btw and awesome project). But I seem to be having an issue that whenever i try to use commandline ftp to ftp to the ftp canary I get the following output: 220--- Welcome to FTP --- 220 -- Version FTP-2017-10-18 -- 500 Syntax error 331 OK. Password required User (192.168.1.223:(none)):

If I then try to enter the user/pass configured in the script (your default), after entering the user id and pressing enter, the FTP server immediately quits, throws a syntax error, and immediately quits.: 220--- Welcome to FTP --- 220 -- Version FTP-2017-10-18 -- 500 Syntax error 331 OK. Password required User (192.168.1.223:(none)): admin 500 Syntax error Login failed.

Any chance of this getting fixed or at least triggering the canary token when a login is attempted (even if failed)?

If I connect to it with an ftp client gui application where I can provide the UID and Pass beforehand, it connects without issue.

I typically wouldnt care if the command line ftp actually exhibited this behavior as long as the canary is triggered, which I do not believe is occurring as I have not received the token emails

[studzwoodworking]

Note, btw that I have tried this install on a WeMos D1 Mini, ESP8266 NodeMCU Dev Board, and an ESP-WROOM-32 Dev board all with the same result.

[mudmin]

I'll definitely take a look at that. I never really considered the command line. If you have time, would you mind doing one using this library and seeing if you can connect that way.... https://github.com/nailbuster/esp8266FTPServer That is what this thing is based on, so that would help me to figure out if my wildcard stuff broke it, or if that functionality was never there to begin with.

[studzwoodworking]

Will do tomorrow.... Ill let you know.

On Wed, Feb 17, 2021 at 7:26 PM mudmin notifications@github.com wrote:

I'll definitely take a look at that. I never really considered the command line. If you have time, would you mind doing one using this library and seeing if you can connect that way.... https://github.com/nailbuster/esp8266FTPServer

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/mudmin/ESPCanary/issues/3#issuecomment-780944540, or unsubscribe https://github.com/notifications/unsubscribe-auth/AS4PTRYS5CR2XRSHCRMBXH3S7RNDZANCNFSM4XZHKYPA .

[studzwoodworking]

Gave this a try this morning using the library you suggested (which, by the way, does have my issue listed in its issues list).

Using the example sketch that came with the library, it produces the same result... Connected to 192.168.1.211. 220--- Welcome to FTP for ESP8266/ESP32 --- 220--- By David Paiva --- 220 -- Version FTP-2017-10-18 --

500 Syntax error530 user not found User (192.168.1.211:(none)): esp8266 221 Goodbye Connection closed by remote host.

I also dug a little further... the ESP8266FTPServer.h library is a fork from the Arduino Ethernet Shield FTP project, which does report that Windows command line FTP works with it (and command line login is not a listed issue). As a test, I have ordered an ethernet shield for my Uno R3 and will try the original project once the shield arrives on Sunday.

Ultimately, I can care less if ftp command line logins work, as long as the canary is being triggered for the attempt. My theory is that if an intruder is sniffing around, more than likely, it is not a human doing the work. The ftp server logins would be brute force and scripted, which, in essence would not be in a gui client but rather some form of scripted command line ftp. With that being the case, multiple command line attempts in rapid succession would be attempted (and fail), but if the attempt triggers the canary, I will get notification of the attempts.

Ultimately, I am trying to use the D1 mini as a proof of concept for my server infrastructure at work (and it would be nice to have on my network at home tbh). If i'm able to prove that the canary works by setting up 2 of them (one in each data center) and have them trigger if an intruder tries to login to the canary ftp server, I can then go with a more permanent solution (be it a paid solution or a solution like Open Canary). Using the D1 will allow me to prove to my boss that canaries are useful to have implanted on the network and will help with intrusion detection. However, to prove that i need command line attempts to trigger.

Sorry for the long email, just trying to give you insight into my thought processes and ultimate objectives (and use case) for the great project you have worked so hard on creating.

Thanks again for your time.

On Wed, Feb 17, 2021 at 8:22 PM Ray Studinarz studz.woodworking@gmail.com wrote:

Will do tomorrow.... Ill let you know.

On Wed, Feb 17, 2021 at 7:26 PM mudmin notifications@github.com wrote:

I'll definitely take a look at that. I never really considered the command line. If you have time, would you mind doing one using this library and seeing if you can connect that way.... https://github.com/nailbuster/esp8266FTPServer

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/mudmin/ESPCanary/issues/3#issuecomment-780944540, or unsubscribe https://github.com/notifications/unsubscribe-auth/AS4PTRYS5CR2XRSHCRMBXH3S7RNDZANCNFSM4XZHKYPA .

[mudmin]

I think all that is great. Let me see what I can do. I think I can make it fire on an error 500. I REALLY appreciate your digging and your thorough response. . I'll look into it and let you know.

[studzwoodworking]

I appreciate that you are looking into it. The project excites me and it is so close to being perfect for my situation.... Thanks for all your efforts!

On Thu, Feb 18, 2021 at 6:09 PM mudmin notifications@github.com wrote:

I think all that is great. Let me see what I can do. I think I can make it fire on an error 500. I REALLY appreciate your digging and your thorough response. . I'll look into it and let you know.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/mudmin/ESPCanary/issues/3#issuecomment-781695307, or unsubscribe https://github.com/notifications/unsubscribe-auth/AS4PTRYUMI3V6V72TURP2CTS7WM4HANCNFSM4XZHKYPA .

[mudmin]

Can you either download the zip version of the repo or any way you want, grab the ESPCanary.cpp and ESPCanary.h and replace yours to see if that works? It worked for me and fired off on command line fail, but I want to make sure.

[studzwoodworking]

On Thu, Feb 18, 2021 at 18:56 mudmin notifications@github.com wrote:

Can you either download the zip version of the repo or any way you want, grab the ESPCanary.cpp and ESPCanary.h and replace yours to see if that works? It worked for me and fired off on command line fail, but I want to make sure.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/mudmin/ESPCanary/issues/3#issuecomment-781712996, or unsubscribe https://github.com/notifications/unsubscribe-auth/AS4PTR3RRX6N74CMU73XX5DS7WSJHANCNFSM4XZHKYPA .

Absolutely I’ll let you know tomorrow... wifey time.

[studzwoodworking]

Gave it a test during a commercial break and the canary did trigger once it connected via command line ftp.

I will still let you know how I make out with the Ethernet Shield and the Ethernet FTP project trial (on Sunday or Monday... gotta love Amazon) to see is command line ftp works there as it would be interesting to see if it actually works. If it does at least you will have a starting point if you ever consider making it work to login that way.

Thanks so much for your time and efforts. It is GREATLY appreciated! Thank you for being so responsive to my messages!

On Thu, Feb 18, 2021 at 21:24 Ray Studinarz studz.woodworking@gmail.com wrote:

On Thu, Feb 18, 2021 at 18:56 mudmin notifications@github.com wrote:

Can you either download the zip version of the repo or any way you want, grab the ESPCanary.cpp and ESPCanary.h and replace yours to see if that works? It worked for me and fired off on command line fail, but I want to make sure.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/mudmin/ESPCanary/issues/3#issuecomment-781712996, or unsubscribe https://github.com/notifications/unsubscribe-auth/AS4PTR3RRX6N74CMU73XX5DS7WSJHANCNFSM4XZHKYPA .

Absolutely I’ll let you know tomorrow... wifey time.

[mudmin]

I'm happy to help! Thanks for your contribution. I have zero clue what will happen with the ethernet shield. I have an olimex board with ethernet on it, but I mainly use it for MQTT and stuff. Ideally if it triggers on attempted connection, you're golden. Actually connecting is kind of a bonus.

[studzwoodworking]

Very true but curious anyways. I’m sure it will be insightful.

On Fri, Feb 19, 2021 at 09:23 mudmin notifications@github.com wrote:

I'm happy to help! Thanks for your contribution. I have zero clue what will happen with the ethernet shield. I have an olimex board with ethernet on it, but I mainly use it for MQTT and stuff. Ideally if it triggers on attempted connection, you're golden. Actually connecting is kind of a bonus.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/mudmin/ESPCanary/issues/3#issuecomment-782106110, or unsubscribe https://github.com/notifications/unsubscribe-auth/AS4PTRZR3MFTJLIHHDJT5ZTS7ZX6BANCNFSM4XZHKYPA .

[hemiawd]

Any updates, I see the same issue

With default un/pw C:\Windows\System32>ftp 192.168.1.62 Connected to 192.168.1.62. 220--- Welcome to FTP --- 220 -- Version FTP-2017-10-18 -- 500 Syntax error 530 user not found User (192.168.1.62:(none)): admin 221 Goodbye Connection closed by remote host.

With un/pw both set to % C:\Windows\System32>ftp 192.168.1.62 Connected to 192.168.1.62. 220--- Welcome to FTP --- 220 -- Version FTP-2017-10-18 -- 500 Syntax error 331 OK. Password required User (192.168.1.62:(none)): admi 500 Syntax error Login failed.

I likewise am doing proof of concept and really love this idea, canary emails do trigger, unable to connect with a CLI or with Filezilla.

I have found a related or second issue. I run a port scanner against the device and it is not detected. Actually the espcanary stops responding, including pings until I restart it. My proof of concept was an intruder would likely scan, discover and then attempt to access. I thought it might even trigger on a scan, but it just dies without being detected or notifying. I can open a separate issue if you'd like.