21/tcp - FTP
General Information
Name
File Transfer Protocol
Service
FTP (File Transfer Protocol) is a network protocol for transmitting files between computers over TCP/IP connections.
Notes
We can use this port to bidirectionally transfer files between our attacker machine and the target machine.
Connection
Client
ftp IP
Browser
ftp://USER:PASS@IP
# Example: ftp://anonymous:anonymous@10.10.10.1
Recon Checklist
Banner Grabbing
# netcat
nc -nv IP 21
# telnet
telnet IP 21
Brute Force (Hydra)
hydra -L USER_DICT -P PASS_DICT IP ftp
# or
hydra -L USER_DICT -P PASS_DICT ftp://IP
Download Files
# All files
wget -m ftp://USER:PASS@IP
wget -m --no-passive ftp://USER:PASS@IP
Commands
USER username
Specify FTP username
PASS password
Specify FTP password
HELP
Show supported commands
PORT 127,0,0,1,0,80
Establish connection to IP 127.0.0.1 on port 80
LIST
List files in current directory
LIST -R
Recursively list files (if allowed)
PUT /path/file.txt
Upload file to FTP server
GET /path/file.txt
Download file from FTP server
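The PORT row above uses the form h1,h2,h3,h4,p1,p2, where the port is p1*256+p2 and the address is where the server will open the data connection. As an added example (not from the original page), this decodes a PORT argument and applies the check a server or log reviewer can use against the bounce behaviour that the ftp-bounce script tests for: flag a data address that differs from the control-connection peer, or a port below 1024. The function names and sample lines are constructed for illustration.

```python
import ipaddress

def decode_port_arg(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port)."""
    parts = arg.strip().split(",")
    if len(parts) != 6:
        raise ValueError("expected six comma-separated fields")
    try:
        nums = [int(p) for p in parts]
    except ValueError:
        raise ValueError("fields must be decimal integers") from None
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("each field must be in 0..255")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def check_port_command(line, client_ip):
    """Return reasons a PORT command looks like a bounce attempt ([] if none)."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        return []
    try:
        ip, port = decode_port_arg(arg)
    except ValueError as exc:
        return [f"malformed PORT argument: {exc}"]
    reasons = []
    if ip != ipaddress.IPv4Address(client_ip):
        reasons.append(f"data address {ip} is not the control peer {client_ip}")
    if port < 1024:
        reasons.append(f"data port {port} is below 1024")
    return reasons

# Constructed sample: (control-connection peer, command as logged).
SAMPLE = [
    ("192.0.2.10", "PORT 192,0,2,10,195,80"),  # own address, port 50000
    ("192.0.2.10", "PORT 127,0,0,1,0,80"),     # the page's example value
    ("192.0.2.10", "PORT 192,0,2,10,0,22"),    # own address, low port
    ("192.0.2.10", "PORT 192,0,2,300,1,1"),    # field out of range
    ("192.0.2.10", "LIST -R"),                 # not a PORT command
]

def scan(sample=SAMPLE):
    """Run the check over every (peer, command) pair."""
    return [(peer, cmd, check_port_command(cmd, peer)) for peer, cmd in sample]

if __name__ == "__main__":
    for peer, cmd, reasons in scan():
        print(f"{peer:<12} {cmd:<26} {'; '.join(reasons) or 'ok'}")
```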
Scripts
Nmap
ftp-anon
Checks if anonymous login is allowed on FTP server
nmap -p 21 --script ftp-anon <target>
ftp-bounce
Checks if FTP server allows bounce attacks
nmap -p 21 --script ftp-bounce <target>
ftp-brute
Performs brute-force password guessing on FTP
nmap -p 21 --script ftp-brute --script-args userdb=<dict> <target>
ftp-proftpd-backdoor
Detects ProFTPD 1.3.3c backdoor vulnerability
nmap -p 21 --script ftp-proftpd-backdoor <target>
Metasploit
auxiliary/scanner/ftp/ftp_login
Attempts to authenticate against FTP servers
RHOSTS, RPORT, USERPASS_FILE, USER_AS_PASS, VERBOSE
auxiliary/scanner/ftp/anonymous
Checks if anonymous login is allowed on FTP server
RHOSTS, RPORT, VERBOSE
auxiliary/scanner/ftp/ftp_version
Retrieves FTP version information
RHOSTS, RPORT, VERBOSE
exploit/unix/ftp/vsftpd_234_backdoor
Exploits VSFTPD 2.3.4 backdoor vulnerability
RHOST, RPORT, PAYLOAD, LHOST, LPORT, VERBOSE