FTP (File Transfer Protocol)
At a Glance
Default Port: 21
FTP is a standard network protocol used for the transfer of files between a client and a server on a computer network. FTP is built on a client-server architecture using separate control and data connections between the client and the server. FTP authenticates users with a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. 1
Banner Grabbing
telnet 10.0.0.3 21
nc -n 10.0.0.3 21
nmap -sV --script banner -p21 -Pn 10.0.0.3
FTP Exploits Search
Refer to Exploits Search
Anonymous Login
Try an anonymous login, using anonymous as both the username and the password.
ftp 10.0.0.3
…
Name (10.0.0.3:kali): anonymous
331 Please specify the password.
Password: [anonymous]
230 Login successful.
List all files in order.
ftp> ls -lat
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
…
226 Directory send OK.
FTP Browser Client
Open ftp://user:email@example.com from your browser.
If no credentials are provided, anonymous:anonymous is assumed.
Brute Forcing
Refer to FTP Brute Forcing
Configuration files
Examine configuration files.2
ftpusers
ftp.conf
proftpd.conf
Binary and ASCII
Binary and ASCII files have to be uploaded using the binary and ascii modes respectively; otherwise, the file will become corrupted. Use the corresponding command to switch between modes.3
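Added example (not from the original page): a simplified Python model of the ascii-mode (TYPE A) line-ending translation, showing why a binary file sent in ascii mode no longer matches its hash while a text file survives. The function names and sample bytes are constructed for illustration; real clients and servers differ in detail.

```python
import hashlib

CRLF = b"\r\n"

# Constructed samples: a binary blob containing bare LF and CRLF bytes, and a text file.
SAMPLE_BINARY = b"\x7fELF\x02\x01\x01\x00" + b"\x0a\x00\x0d\x0a\xff\x0a"
SAMPLE_TEXT = b"line one\nline two\n"

def to_wire_ascii(data: bytes) -> bytes:
    """Sender on a Unix-like host: every bare LF becomes CRLF on the wire."""
    out, prev = bytearray(), None
    for b in data:
        if b == 0x0A and prev != 0x0D:
            out += CRLF
        else:
            out.append(b)
        prev = b
    return bytes(out)

def from_wire_ascii(wire: bytes, native_eol: bytes) -> bytes:
    """Receiver: CRLF on the wire is stored as the host's native line ending."""
    return wire.replace(CRLF, native_eol)

def transfer(data: bytes, mode: str, receiver_eol: bytes = b"\n") -> bytes:
    """Return the bytes that end up on the receiving host."""
    if mode == "binary":
        return data  # binary mode: bytes pass through untouched
    if mode == "ascii":
        return from_wire_ascii(to_wire_ascii(data), receiver_eol)
    raise ValueError(f"unknown mode: {mode}")

def is_intact(original: bytes, received: bytes) -> bool:
    """Integrity check to run after any transfer: compare SHA-256 digests."""
    return hashlib.sha256(original).digest() == hashlib.sha256(received).digest()

if __name__ == "__main__":
    cases = [
        ("binary file, binary mode", SAMPLE_BINARY, "binary", b"\n"),
        ("binary file, ascii mode, LF receiver", SAMPLE_BINARY, "ascii", b"\n"),
        ("binary file, ascii mode, CRLF receiver", SAMPLE_BINARY, "ascii", CRLF),
        ("text file, ascii mode, LF receiver", SAMPLE_TEXT, "ascii", b"\n"),
    ]
    for label, data, mode, eol in cases:
        got = transfer(data, mode, eol)
        print(f"{label}: {len(data)} -> {len(got)} bytes, intact={is_intact(data, got)}")
```

Comparing a digest taken before the upload with one taken on the destination host is the quickest way to confirm the right mode was used.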
Recursively Download
Recursively download FTP folder content.4
wget -m ftp://user:firstname.lastname@example.org/
1. Contributors to Wikimedia projects. “File Transfer Protocol - Wikipedia.” Wikipedia, the Free Encyclopedia, Wikimedia Foundation, Inc., 24 May 2002, https://en.wikipedia.org/wiki/File_Transfer_Protocol.
2. “Penetration Testing Methodology” 0DAYsecurity.Com, http://www.0daysecurity.com/penetration-testing/enumeration.html.
3. “RFC959: FTP: Data Transfer Functions.” World Wide Web Consortium (W3C), https://www.w3.org/Protocols/rfc959/3_DataTransfer.html.