A comprehensive Docker-based lab environment for learning about FTP anonymous login vulnerabilities, demonstrating real-world attack scenarios, and practicing security assessment techniques.
This lab provides a vulnerable FTP environment for:
- Learning about FTP anonymous login vulnerabilities
- Practicing penetration testing techniques
- Understanding information disclosure risks
- Demonstrating real-world attack scenarios
- Learning security mitigation strategies
## Project Structure

```text
.
├── build/                              # FTP server application files
│   ├── Dockerfile                      # Docker image for vulnerable FTP server
│   ├── vsftpd.conf                     # Vulnerable vsftpd configuration
│   └── setup.sh                        # Startup script
├── deploy/                             # Deployment files
│   ├── docker-compose.yml              # Docker Compose configuration
│   └── env.example                     # Environment variables example
├── test/                               # Testing scripts
│   ├── check_ftp.sh                    # Basic connection test
│   └── exploit_ftp_anonymous.sh        # Vulnerability exploitation script
├── docs/                               # Documentation
│   ├── usage.md                        # FTP commands guide
│   ├── credentials.md                  # Credentials documentation
│   └── ftp_anonymous_vulnerability.md  # Comprehensive vulnerability guide
├── README.md                           # This file
├── QUICK_START.md                      # Quick start guide
└── .gitignore                          # Git ignore file
```
## Prerequisites

- Docker and Docker Compose installed
- Ports 21 and 21100-21110 available
## Quick Start

- Clone the repository

  ```bash
  git clone <repository-url>
  cd template-ftp
  ```

- Configure the environment (optional)

  ```bash
  cd deploy
  cp env.example .env
  # Modify .env if needed (especially PASV_ADDRESS)
  ```

- Build and start the vulnerable server

  ```bash
  docker-compose up -d
  ```

- Verify startup

  ```bash
  docker-compose logs -f
  ```

Connect to the server:

```bash
# Manual connection
ftp localhost 21
# Username: anonymous (or ftp)
# Password: (blank) or ftp

# Or use the automated exploit script
cd ../test
chmod +x exploit_ftp_anonymous.sh
./exploit_ftp_anonymous.sh
```
## Credentials

- Username: `anonymous` (or blank)
- Password: (blank) or `anonymous`
- Alternative: `ftp` / `ftp`
- Port: `21`
## Exposed Files

- `/public/flag.txt`: CTF flag
- `/config/database.conf`: Database credentials
- `/config/smtp.conf`: SMTP credentials
- `/backups/db_backup.sql`: Database backup
- `/logs/server.log`: Server logs
## Ports

- `21`: Main FTP port
- `21100-21110`: Passive mode ports
## Vulnerability Details

- Anonymous access enabled (`anonymous_enable=YES`)
- Sensitive files accessible without authentication
- Database credentials in cleartext
- SMTP credentials exposed
- Server logs accessible
- Backup files available

## Security Issues

- No authentication required for file access
- Sensitive configuration files readable
- Database backups accessible
- Log files containing sensitive information
- No access controls implemented
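As an added example (not one of the lab's own scripts), the following Python audit parses a `vsftpd.conf`, flags the directives that make the lab's files readable without authentication, and writes a hardened copy. The sample configuration inside it is constructed; only `anonymous_enable=YES` is taken from the lab, and the other directive names are standard vsftpd options chosen as safe values.

```python
"""Audit a vsftpd.conf for the anonymous-access settings this lab turns on.
Added example, not one of the lab's scripts: only anonymous_enable=YES comes
from the lab, the other directives are standard vsftpd options, and
SAMPLE_CONF is constructed for illustration.
"""
import re

SAFE_VALUES = {                    # directive -> value a hardened server should carry
    "anonymous_enable": "NO",      # the lab deliberately sets YES
    "anon_upload_enable": "NO",
    "write_enable": "NO",
    "chroot_local_user": "YES",
    "xferlog_enable": "YES",       # keep transfer logging for detection
}

SAMPLE_CONF = """\
# vulnerable lab configuration (constructed sample)
listen=YES
anonymous_enable=YES
anon_upload_enable=YES
pasv_min_port=21100
pasv_max_port=21110
"""

def parse_conf(text):
    """Return {directive: value} for each key=value line; comments and blanks are skipped."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z_]+)=(.*)$", line.strip())
        if m:
            conf[m.group(1)] = m.group(2).strip()
    return conf

def audit(conf):
    """Return (directive, current, expected) for each unsafe setting.
    Unset directives are reported too, so the hardened file states each value."""
    return [(k, conf.get(k, "<unset>"), safe)
            for k, safe in SAFE_VALUES.items()
            if conf.get(k, "").upper() != safe]

def harden(text):
    """Rewrite the config so every audited directive carries its safe value."""
    conf = parse_conf(text)
    conf.update(SAFE_VALUES)
    return "".join(f"{k}={v}\n" for k, v in conf.items())

if __name__ == "__main__":
    for key, cur, safe in audit(parse_conf(SAMPLE_CONF)):
        print(f"[!] {key}={cur} (expected {safe})")
    print(harden(SAMPLE_CONF), end="")
```

Run it against `build/vsftpd.conf` by replacing `SAMPLE_CONF` with the file's contents; the passive port range is left untouched so the hardened copy still works with the Compose port mapping.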
## Usage

See [docs/usage.md](docs/usage.md) for a complete guide to FTP commands.

Manual session:

```text
ftp -n localhost 21
user anonymous
# Password: (leave blank)
ls
cd public
get flag.txt
quit
```
Automated exploitation:

```bash
cd test
./exploit_ftp_anonymous.sh
```
The script performs the following steps:

- Connect with anonymous credentials
- Explore directory structure
- Download sensitive files
- Analyze exposed information
- Document findings
## Troubleshooting

Rebuild the image from scratch:

```bash
cd deploy
docker-compose down
docker-compose build --no-cache
docker-compose up -d
```

View the server logs:

```bash
docker-compose logs -f ftp-server
```

Open a shell in the container:

```bash
docker exec -it ftp-anonymous-vuln-lab /bin/bash
```
## Cleanup

```bash
cd deploy
docker-compose down         # stop the containers
docker-compose down -v      # also remove volumes
docker image prune -f       # remove dangling images
```

Save the server log before tearing the lab down:

```bash
docker cp ftp-anonymous-vuln-lab:/var/log/vsftpd.log ./logs/
```
## Contributing

- Fork the project
- Create a feature branch (`git checkout -b feature/new-feature`)
- Commit your changes (`git commit -am 'Add new feature'`)
- Push to the branch (`git push origin feature/new-feature`)
- Create a Pull Request
## License

This project is licensed under the MIT License. See the LICENSE file for details.

## Disclaimer

This lab is for educational purposes only. NEVER use this configuration in production. The vulnerability is intentionally enabled for demonstration purposes.
## Additional Resources

- Quick Start Guide: [QUICK_START.md](QUICK_START.md)
- Vulnerability Documentation: [docs/ftp_anonymous_vulnerability.md](docs/ftp_anonymous_vulnerability.md)
- Exploitation Script: [test/exploit_ftp_anonymous.sh](test/exploit_ftp_anonymous.sh)