21/tcp - FTP

General Information

Name

File Transfer Protocol

Service

FTP (File Transfer Protocol) is a network protocol for transmiting files between computers over TCP/IP connections.

Notes

We can use this port to bidirectionally transfer files between our attacker machine and the target machine.

Connection

Client

ftp IP

Browser

ftp://USER:PASS@IP
# Example: ftp://anonymous:anonymous@10.10.10.1

Recon Checkklist

Banner Grabbing

# netcat
nc -nv IP 21
# telnet
telnet IP 21

Brute Force (Hydra)

hydra -L USER_DICT -P PASS_DICT IP ftp
# or
hydra -L USER_DICT -P PASS_DICT ftp://IP

Download Files

# All files
wget -m ftp://USER:PASS@IP
wget -m --no-passive ftp://USER:PASS@IP

Commands

Command

Description

USER username

Specify FTP username

PASS password

Specify FTP password

HELP

Show supported commands

PORT 127,0,0,1,0,80

Establish connection to IP 127.0.0.1 on port 80

LIST

List files in current directory

LIST -R

Recursively list files (if allowed)

PUT /path/file.txt

Upload file to FTP server

GET /path/file.txt

Download file from FTP server

Scripts

Nmap

Script Name

Description

Usage

ftp-anon

Checks if anonymous login is allowed on FTP server

nmap -p 21 --script ftp-anon <target>

ftp-bounce

Checks if FTP server allows bounce attacks

nmap -p 21 --script ftp-bounce <target>

ftp-brute

Performs brute-force password guessing on FTP

nmap -p 21 --script ftp-brute --script-args userdb=<dict> <target>

ftp-proftpd-backdoor

Detects ProFTPD 1.3.3c backdoor vulnerability

nmap -p 21 --script ftp-proftpd-backdoor <target>

List all available nmap scripts :

nmap --script-help="ftp-*"

ls /usr/share/nmap/scripts/ftp-*.nse

We can run all the available nmap scripts with:

nmap --script ftp-* -p 21 IP

Metasploit

Script Name

Description

Parameters

auxiliary/scanner/ftp/ftp_login

Attempts to authenticate against FTP servers

RHOSTS, RPORT, USERPASS_FILE, USER_AS_PASS, VERBOSE

auxiliary/scanner/ftp/anonymous

Checks if anonymous login is allowed on FTP server

RHOSTS, RPORT, VERBOSE

auxiliary/scanner/ftp/ftp_version

Retrieves FTP version information

RHOSTS, RPORT, VERBOSE

exploit/unix/ftp/vsftpd_234_backdoor

Exploits VSFTPD 2.3.4 backdoor vulnerability

RHOST, RPORT, PAYLOAD, LHOST, LPORT, VERBOSE

Previousrecon/port_enumeration Next22/tcp - SSH

Last updated 1 year ago

hashtagGeneral Information

hashtagConnection

hashtagClient

hashtagBrowser

hashtagRecon Checkklist

hashtagBanner Grabbing

hashtagBrute Force (Hydra)

hashtagDownload Files

hashtagCommands

hashtagScripts

hashtagNmap

hashtagMetasploit

General Information

Connection

Client

Browser

Recon Checkklist

Banner Grabbing

Brute Force (Hydra)

Download Files

Commands

Scripts

Nmap

Metasploit