FTP

File Transfer protocol (port 21)

Resources that might help

  • What is FTP?

  • some vuln desc and exploits/payloads

FTP Help menu

ftp> help
Commands may be abbreviated.  Commands are:

!               dir             mdelete         qc              site
$               disconnect      mdir            sendport        size
account         exit            mget            put             status
append          form            mkdir           pwd             struct
ascii           get             mls             quit            system
bell            glob            mode            quote           sunique
binary          hash            modtime         recv            tenex
bye             help            mput            reget           tick
case            idle            newer           rstatus         trace
cd              image           nmap            rhelp           type
cdup            ipany           nlist           rename          user
chmod           ipv4            ntrans          reset           umask
close           ipv6            open            restart         verbose
cr              lcd             prompt          rmdir           ?
delete          ls              passive         runique
debug           macdef          proxy           send

Bruteforce with hydra

  • Multiple users

hydra -L /path/to/username/wordlist.txt -P /path/to/password/wordlist.txt $IP ftp

#for ejpt exams the wordlist generally is in /usr
#easy cp paste : 
hydra -L /usr/share/metasploit-framework/data/wordlists/common_users.txt \
-P /usr/share/metasploit-framework/data/wordlists/common_users.txt $IP ftp

nmap

  • Bruteforce

nmap --script ftp-brute --script-args userdb=/path/to/user_list.txt $IP -p21

#e.g. of userdb : 
# echo 'test' > ~/ejpt/users
# userdb=~/ejpt/users
  • check if anonymous login is allowed

nmap -p21 $IP --script ftp-anon
# -sC does this for us already

Last updated