FTP (File Transfer Protocol) Service Enumeration

FTP (File Transfer Protocol)

At a Glance

Default Port: 21

FTP is a standard network protocol used for the transfer of files between a client and a server on a computer network. FTP is built on a client-server architecture using separate control and data connections between the client and the server. FTP authenticates users with a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. 1

Telnet

telnet 10.0.0.3 21

Netcat

nc -n 10.0.0.3 21

banner NSE Script

nmap -sV -script banner -p21 -Pn 10.0.0.3

FTP

ftp 10.0.0.3

Refer to Exploits Search

Anonymous Login

Note: During the port scanning phase Nmap’s script scan (-sC), can be enabled to check for FTP Bounce and Anonymous Login.

Try anonymous login using anonymous:anonymous credentials.

ftp 10.0.0.3
…
Name (10.0.0.3:kali): anonymous
331 Please specify the password.
Password: [anonymous]
230 Login successful.

List all files in order.

ftp> ls -lat
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
…
226 Directory send OK.

FTP Browser Client

Note: Due to its insecure nature, FTP support is being dropped by Firefox and Google Chrome.

Try accessing ftp://user:pass@10.0.0.3 from your browser. If not credentials provided anonymous:anonymous is assumed.

Brute Forcing

Refer to FTP Brute Forcing

Note: SecLists includes a handy list of FTP default credentials.

Configuration files

Examine configuration files.2

ftpusers
ftp.conf
proftpd.conf

Miscellaneous

Binary and ASCII

Binary and ASCII files have to be uploading using the binary or ascii mode respectively, otherwise, the file will become corrupted. Use the corresponding command to switch between modes.3

Recursively Download

Recursively download FTP folder content.4

wget -m ftp://user:pass@10.0.0.3/

  1. Contributors to Wikimedia projects. “File Transfer Protocol - Wikipedia.” Wikipedia, the Free Encyclopedia, Wikimedia Foundation, Inc., 24 May 2002, https://en.wikipedia.org/wiki/File_Transfer_Protocol. ↩︎

  2. “Penetration Testing Methodology” 0DAYsecurity.Com, http://www.0daysecurity.com/penetration-testing/enumeration.html. ↩︎

  3. “RFC959: FTP: Data Transfer Functions.” World Wide Web Consortium (W3C), https://www.w3.org/Protocols/rfc959/3_DataTransfer.html. ↩︎

  4. Thibaut Barrère. “Command Line - How to Recursively Download a Folder via FTP on Linux - Stack Overflow.” Stack Overflow, https://stackoverflow.com/a/113900/578050. ↩︎